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Abstract 

Like any other logical theory, domain descriptions in reasoning 
about actions may evolve, and thus need revision methods to ade- 
quately accommodate new information about the behavior of actions. 
The present work is about changing action domain descriptions in 
propositional dynamic logic. Its contribution is threefold: first we 
revisit the semantics of action theory contraction that has been done 
in previous work, giving more robust operators that express minimal 
change based on a notion of distance between Kripke-models. Second 
we give algorithms for syntactical action theory contraction and estab- 
lish their correctness w.r.t. our semantics. Finally we state postulates 
for action theory contraction and assess the behavior of our operators 
w.r.t. them. Moreover, we also address the revision counterpart of 
action theory change, showing that it benefits from our semantics for 
contraction. 
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1 Introduction 

Consider an intelligent agent designed to perform rationally in a dynamic 
world, and suppose she should reason about the dynamics of an automatic 
coffee machine (Figure 1). Suppose, for example, that the agent believes 
that coffee is always a hot beverage. Suppose now that some day she gets 
a coffee and observes that it is cold. In such a case, the agent must change 
her beliefs about the relation between the propositions "I hold a coffee" and 
"I hold a hot beverage". This example is an instance of the problem of 
changing propositional belief bases and is largely addressed in the literature 
about belief change [15] and belief update [31]. 
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Figure 1: The coffee deliverer agent. 



Next, let our agent believe that whenever she buys a coffee from the 
machine, she gets a hot beverage. This means that in every state of the 
world that follows the execution of buying a coffee, the agent possesses a 
hot beverage. Then, in a situation where the machine is running out of cups, 
after buying, the coffee runs through the shelf and the agent does not hold 
a hot beverage in her hands. 

Imagine now that the agent never considered any relation between buying 
a coffee on the machine and its service availability, in the sense that the 
agent always believed that buying does not prevent other users from using 
the machine. Nevertheless, someday our agent is queuing to buy a coffee 
and observes that just after the agent before her has bought, the machine 
went out of order (maybe due to a lack of coffee powder). 

Completing our agent's struggle in discovering the intricacies of a coffee 
machine, suppose she always believed that if she has a token, then it is 



possible to buy coffee, provided that some other conditions like being close 
enough to the button, having a free hand, etc, are satisfied. However, during 
a blackout, the agent, even with a token, does not manage to buy her coffee. 

The last three examples illustrate situations where changing the beliefs 
about the behavior of the action of buying coffee is mandatory. In the first 
one, buying coffee, once believed to be deterministic, has now to be seen 
as nondeterministic, or alternatively to have a different outcome in a more 
specific context (e.g. if there is no cup in the machine). In the second 
example, buying a coffee is now known to have side-effects (ramifications) 
one was not aware of. Finally, in the last example, the executability of the 
action under concern is questioned in the light of new information showing 
a context that was not known to preclude its execution. 

Such cases of theory change are very important when one deals with 
logical descriptions of dynamic domains: it may always happen that one 
discovers that an action actually has a behavior that is different from that 
one has always believed it had. 

Up to now, theory change has been studied mainly for knowledge bases 
in classical logics, both in terms of revision and update. Since the work by 
Fuhrmann [14], only in a few recent studies has it been considered in the 
realm of modal logics, viz. in epistemic logic [19] and in dynamic logics [21]. 
Recently some studies have investigated revision of beliefs about facts of the 
world [47, 28] or the agent's goals [46]. In our scenario, this would concern 
for instance the truth of token in a given state: the agent believes that she 
has a token, but is actually wrong about that. Then she might subsequently 
be forced to revise her beliefs about the current state of affairs or change 
her goals according to what she can perform in that state. Such belief 
revision operations do not modify the agent's beliefs about the action laws. 
In opposition to that, here we are interested exactly in such modifications. 
Starting with Baral and Lobo's work [4], some recent studies have been done 
on that issue [12, 13] for domain descriptions in action languages [16]. 

We here take a step further in this direction and propose a method based 
on that given by Herzig et al. [21] that is more robust by integrating a notion 
of minimal change and complying with postulates of theory change. 

The present text is structured as follows: in Section 2 we establish the 
formal background that will be used throughout this work. Sections 3-5 
are the core of the work: in Section 3 we present the central definitions for 
a semantics of action theory change, Section 4 is devoted to its syntactical 
counterpart while Section 5 to the proof of its correspondence with the se- 
mantics. In Section 6 we discuss some postulates for contraction/erasure and 



then present a semantics for action theory revision (Section 7). In Section 8 
we address existing work in the field. After making some comments on our 
method (Section 9), we finish with some conclusions and future directions 
of research. 

2 Logical Preliminaries 

Following the tradition in the reasoning about actions (RAA) community, 
we consider action theories to be finite collections of statements that have 
the particular form: 

• if context, then effect after every execution of action (effect laws); 

• it precondition, then action executable (executability laws). 

Statements mentioning no action at all represent laws about the underlying 
structure of the world, i.e., its possible states (static laws). 

Several logical frameworks have been proposed to formalize such state- 
ments. Among the most prominent ones are the Situation Calculus [39, 45], 
the family of Action Languages [16, 30, 17], the Fluent Calculus [49, 50], and 
the dynamic logic-based approaches [10, 6, 57]. Here we opt to formalize 
action theories using a version of Propositional Dynamic Logic (PDL) [20]. 

2.1 Action Theories in Dynamic Logic 

Let 2lct = {oi, 02, . . .} be the set of all atomic action constants of a given 
domain. An example of atomic action is buy. To each atomic action a there 
is associated a modal operator [o]. 1 

^?top = {pi,P2, ■ ■ ■} denotes the set of all propositional constants, also 
called fluents or atoms. Examples of those are token ("the agent has a 
token") and coffee ("the agent holds a coffee"). The set of all literals is 
£it = {£1,^2, • • •}, where each £i is either p or —>p, for some p £ *Ptop. If 
£ = —>p, then we identify —>£ with p. By \£\ we denote the atom in £. 

We use small Greek letters ip,ip, ■ ■ ■ to denote Boolean formulas. They 
are recursively defined in the usual way: 

ip ::= p | T | _L | -up \ipAip\(pVip\(p—>ip\ip^tp 



We here suppose that our multimodal logic is independently axiomatized [32], i.e., 
the logic is a fusion and there is no interaction between the modal operators. This is a 
requirement to achieve modularity of action theories [25] (see further). 



Jml is the set of all Boolean formulas. An example of a Boolean formula is 
coffee — > hot. A prepositional valuation v is a maximally consistent set of 
literals. We denote hy v\\~ ip the fact that v satisfies a propositional formula 
ip. By val((f) we denote the set of all valuations satisfying ip. \= denotes 
the classical consequence relation. Cn(cp) denotes all logical consequences of 
ip in classical propositional logic. 

If ip is a propositional formula, atm(ip) denotes the set of elementary 
atoms actually occurring in (p. For example, aim(-ip 1 A(-ip 1 Vp 2 )) = {PitP-i}- 

For (p a Boolean formula, IP(<p) denotes the set of its prime impli- 
cants [43], i.e., the weakest terms (conjunctions of literals) that imply (p. 
As an example, IP(pi © p 2 ) = (Pi A _, J?2) _, Pi A ^2}- For more on prime 
implicants, their properties and how to compute them see the chapter by 
Marquis [36]. By ty we denote a prime implicant, and given £ and tv, £ € it 
abbreviates l £ is a literal of tt\ 

We denote complex formulas (possibly with modal operators) by <P, \P, . . . 
They are recursively defined in the following way: 

(a) is the dual operator of [a], defined as {a)<P =a e f -^[a]^<P. An example of 
a complex formula is -> coffee — > [&m/]coj{fee. 

The semantics is that of PDL without the * operator, which amounts 
to multimodal logic K n [42]. In the following we will refer to PDL but our 
underlying logical formalism is essentially the simpler multimodal logic K n , 
which turns out to be expressive enough for our purposes here. 

Definition 2.1 (PDL-model) A PDL-model is a tuple ^ = (W,R) where 
W is a set of valuations (also called possible worlds), and R maps action 
constants a to accessibility relations R a C W x W. 

As an example, for 2lct = {aj, a 2 } and tyxop = {ft,^}) we have the 
PDL-model Jt = (W,R), where 

W= {{Pl,P 2 },{Pl^P2},{^Pl,P2}}, 

R f \ = / (■LPl»ft} ) {Pl ) - , ftj}))({Pl»P2}»{- , Pl)P2}). 

" I ({Pl^P2},{Pl,^P2}),({Pl,^P2},{^Pl,P2}) 
R{oa) = {({Pl,ftj},{-'Pl,ftj}),({-'Pl,l»2},{-'Pl,P2})} 

Figure 2 gives a graphical representation of M ' ? 



"Notice that our notion of PDL-model does not follow the standard notion from modal 
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Figure 2: Example of a PDL-model for Stct = {a\, 0,2}, and ^trop = {p±,P2}- 

Definition 2.2 (Truth conditions) Given a PDL-model J£ = (W,R), 

\= p (p is true at world w of model j$) if w lh p (the valuation w 
satisfies p, i.e., p £ w); 

\= [a]<P if \= r <P for every w' s.t. (w,w') G R a ; 
\=<PA&xf\=<P and \= W; 

w w w 

h= $ V <?■ j/ 1= or h ^, or both; 

\= -■<£ ifSF®, i-e-, not \= <P; 

truth conditions for the other connectives are as usual. 
By M. we will denote a set of PDL-models. 

A PDL-model j% is a model of ^ (denoted |= ^) if and only if for all 
w G W, \= <P. In the model depicted in Figure 2, we have |= p x — ► [a2]p 2 
and |= p l V p 2 . 

Definition 2.3 (Global consequence) ^ is a model of a set of formulas 
E (noted \= T,) if and only if \= <P for every <P G E. A formula <P is 
a consequence of a set of global axioms E in the class of all PDL-models 
(noted E hs DL ^j if and only if for every PDL-model M ', if \= E, then \= <£>. 



logics: here no two worlds satisfy the same valuation. This is a pragmatic choice (see Sec- 
tion 4). Nevertheless, all we are about to state in the sequel can be straightforwardly 
formulated for standard PDL models as well. 



With PDL we can state laws describing the behavior of actions. One way 
of doing this is by stating some formulas as global axioms. 3 As usually done 
in the RAA community, we here distinguish three types of laws. The first 
kind of statements are static laws, which are Boolean formulas that must 
hold in every possible state of the world. 

Definition 2.4 (Static Law) A static law is a formula ip £ JmL 

An example of a static law is coffee — > hot, saying that if the agent holds a 
coffee, then she holds a hot beverage. The set of all static laws of a domain 
is denoted by S C StrtL In our example we will have S = {coffee — > hot}. 

The second kind of action law we consider is given by the effect laws. 
These are formulas relating an action to its effects, which can be conditional. 

Definition 2.5 (Effect Law) An effect law for action a is of the form ip — > 
[a]ip, where ip,ip £ StnL 

The consequent ip is the effect which always obtains when action a is exe- 
cuted in a state where the antecedent p holds. If a is a nondeterministic 
action, then the consequent ip is typically a disjunction. An example of an 
effect law is -^coffee —>■ [buy]coffee, saying that in a situation where the agent 
has no coffee, after buying, the agent has a coffee. If ip is inconsistent, then 
we have a special kind of effect law that we call an inexecutability law. For 
example, we could also have -^token — > [buy]-L, expressing that buy cannot 
be executed if the agent has no token. 

The set of effect laws of a domain is denoted by £ . In our coffee machine 
scenario, we could have for example: 

£ = { -^coffee — > [buy] coffee, token — > [buy]->token, -^token — > [&m/]-L } 

Finally, we also define executability laws, which stipulate the context 
where an action is guaranteed to be executable. In PDL, the operator (a) is 
used to express executability. (a)T thus reads "the execution of a is possi- 
ble" . 

Definition 2.6 (Executability Law) An executability law for action a is 
of the form ip — > (a)T, where ip £ Stnt. 



3 An alternative to that is given by Castilho et al. [6], with laws being stated with the 
aid of an extra universal modality and local consequence being thus considered. 



For instance, token — > (buy)T says that buying can be executed whenever 
the agent has a token. The set of all executability laws of a given domain 
is denoted by X . In our scenario example we would have X = {token — > 
(buy)T}. 

With our three basic types of laws, we are able to define action theories: 

Definition 2.7 (Action Theory) Given a domain and any (possibly empty) 
sets of laws S , £ , and X , T= S \J £ \J X is an action theory. 

For given action a, £ a (resp. X a ) will denote the set of only those effect 
(resp. executability) laws about a. T a = S\J£ a VJX a is then the action theory 
for a. 4 

For the sake of clarity, we abstract here from the frame and ramifica- 
tion problems, and suppose the agent's theory already entails all the rele- 
vant frame axioms. We could have used any suitable solution to the frame 
problem, like e.g. the dependence relation [6], which is used in the work of 
Herzig et al. [21], or a kind of successor state axioms in a slightly modified 
setting [11]. To make the presentation more clear to the reader, here we do 
not bother with a solution to the frame problem and just assume all frame 
axioms can be inferred from the theory. Actually we can suppose that all 
intended frame axioms are automatically recovered and stated in the the- 
ory, more specific, in the set of effect laws. 5 Hence the action theory of our 
example will be: 



T= 



coffee — > hot, token — > (buy)T, 

-^coffee -> [buy]coffee, 

token — > [buy]^token, -^token — > [buy]J-, 

coffee — > [buy]coffee, hot — > [buy]hot 



(We have not stated the frame axiom -^token — > [buy]^token because it can 
be trivially deduced from the inexecutability law -^token — > [buy]J-.) 

Figure 3 below shows a PDL-model for the theory T. 

Given an action theory T, sometimes it will be useful to consider models 
whose possible worlds are all the possible worlds allowed by T: 



Notice that for a\ , a^ £ 2tct, a\ ^0,2, the intuition is indeed that T ai and T a . 2 overlap 
only on 5, i.e., the only laws that are common to both T ai and T a2 are the laws about 
the structure of the world. This requirement is somehow related with the logic being 
independently axiomatized (see above). 

Frame axioms are a special type of effect law, having the form £ — > [a]£, for £ £ £it. 
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(-.t, c, /j) 



6 (t,-.c, fe) 



( f~^c, -.h) 

Figure 3: A model for our coffee machine scenario: b, i, c, and h stand for, 
respectively, buy, token, coffee, and hot. 



Definition 2.8 (Big Model) Let T = S U £ L) X be an action theory, 
•^big = { W{,i g , Rbig) is the big model of T if and only if: 

• Wbi g = val(S); and 

• Rbig = UaGStct^a S ' t R a = {{w,w') \ for all if ->• [a]lp G £ a , if ^ 

w' 

Figure 4 below shows the big model of T. 



(pt, c, /j) 



6 (f, -.c, fe) 



fo,-.c, -.^ (f, -.c, -.ft) (-.i, -.c, fe) 

Figure 4: The big model for the coffee machine scenario. 



2.2 Essential Atoms 

An atom p is essential to a formula ip if and only if p G atm(<p') for every <p' 
such that |= </? <-> (/?'. For instance, p 1 is essential to -i^ A(-ij?i Vp 2 )- Given 
(/?, atm\{ip) denotes the set of essential atoms of cp. (If y> is not contingent, 
i.e., <p is a tautology or a contradiction, then atm\(ip) = 0.) 
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Given ip a Boolean formula, (p* is the set of all formulas ip' such that 
ip hpp. V 3 ' and atm(ip') C atm\(tp). For instance, p 1 V p 2 fi p t *, as p 1 K p . 
p 1 Vp 2 but atm(p 1 Vp 2 ) 2 afrre!(pi). Clearly, atm(/\ip*) = atm\(/\ip*), 
moreover whenever |= tp <-> tp' is the case, then atm\((p) = atm\(tp') and 
also <£>* = <//*. 

Theorem 2.1 (Least atom-set theorem [41]) Given ip a propositional 
formula, K p . tp <-> A^*? an ^ / or euer?/ <// s.i. t p . c^> <-> y/, atm(tp*) C 
atm(tp'). 

A proof of this theorem is given by Makinson [35] and we do not state 
it here. Essentially, the theorem establishes that for every formula p, there 
is a unique least set of elementary atoms such that tp may equivalently be 
expressed using only letters from that set. 6 Hence, Cn{tp) = Cn{tp*). 

2.3 Prime Valuations 

Given a valuation v, v 1 C v is a subvaluation. Given a set of valuations W, a 
subvaluation v 1 satisfies a propositional formula (£> modulo W (noted t/ Ib^. tp) 
if and only ii v\\~ tp for all i; G W such that i/Ct. 

We say that a subvaluation w essentially satisfies ip (modulo W), noted 
v IK ip, if and only if v lb, tp and {|£| : £ G v} C atml(ip). If i> IK (/?, we call i> 
an essential subvaluation of </? (modulo VF). 

Definition 2.9 (Prime Subvaluation) Let ip be a propositional formula 
and W a set of valuations. A subvaluation v is a prime subvaluation of ip 
(modulo W) if and only if i> IK ip and there is no v 1 C v s.t. v 1 IK ip. 

Our notion of prime subvaluation is closely related to Veltman's defini- 
tion of basis for a formula [54].' A prime subvaluation of a formula ip is 
thus one of the weakest states of truth in which tp is true. Hence, prime 
subvaluations are just another way of seeing prime implicants [43] of ip. By 
base(tp, W) we will denote the set of all prime subvaluations of ip modulo W. 

Theorem 2.2 Let if G #ml and W be a set of valuations. Then for all 
w G W, to lh ip if and only if w Ih \/ v£base{iptW) A i£v i- 



The dual notion, i.e., that of redundant atoms is also addressed in the literature [22], 
with similar purposes. 

' The author is indebted to Andreas Herzig for pointing this out. 
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Proof: Right to left direction is straightforward. For the left to right di- 
rection, if w lh (p, then w lh <p*. Let w' C io be the least subset of u; still 
satisfying </?*. Clearly, w' is a prime subvaluation of (p modulo W, and then 
because w lh Aiem' ^' * ne resu ^ follows. ■ 

2.4 Closeness between Models 

When contracting a formula from a model, we will perform a change in its 
structure. Because there can be several different ways of modifying a model 
(not all of them minimal), we need a notion of distance between models to 
identify those that are closest to the original one. 

As we are going to see in more depth in what follows, changing a 
model amounts to modifying its possible worlds or its accessibility rela- 
tion. Hence, the distance between two PDL-models will depend upon the 
distance between their sets of worlds and accessibility relations. These 
here will be based on the symmetric difference between sets, defined as 
X-Y = (X\Y)U(Y\X). 

Definition 2.10 (Closeness between PDL-Models) Let .£ = {W,R) 

be a model. Then M' = { W, R') is at least as close to j$ as ^" = 
(W, R"), noted Jt* <^ Jt" , if and only if 

• either W-W C W- W" 

• or W-W = W- W and R-R' C R-R" 

Although simple, this notion of closeness is sufficient for our purposes 
here, as we will see in the sequel. Notice that other distance notions could 
have been considered as well, like e.g. the cardinality of symmetric differ- 
ences. (See Section 9 for a discussion on this.) 

3 Semantics of Action Theory Change 

When admitting the possibility of a law <P failing, one must ensure that ^ 
becomes invalid, i.e., not true in at least one model of the dynamic domain. 
Because there can be lots of such models, we may have a set M. of models 
in which ^ is (potentially) valid. Thus contracting # amounts to making it 
no longer valid in this set of models. What are the operations that must 
be carried out to achieve that? Throwing models out of M does not work, 
since <P will keep on being valid in all models of the remaining set. Thus one 
should add new models to Ai. Which models? Well, models in which <P is 
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not true. But not any of such models: taking models falsifying ^ that are 
too different from our original models will certainly violate minimal change. 
Hence, we shall take some model j% G M. as basis and manipulate it to 
get a new model ^#' in which <P is not true. In dynamic logic, the removal of 
a law ^ from a model .,# = (W,R) means modifying the possible worlds or 
the accessibility relation in ./# so that <P becomes false. Such an operation 
gives as result a set ./#^~ of models each of which is no longer a model of <&. 
But if there are several candidates, which ones should we choose? We shall 
take those models that are minimal modifications of the original ^#, i.e., 
those minimal w.r.t. -<jg. Note that there can be more than one ^#' that is 
minimal. Hence, because adding just one of these new models is enough to 
invalidate <£, we take all possible combinations A4 U {^#'} of expanding our 
original set of models by one of these minimal models. The result will be a 
set of sets of models. In each set of models there will be one .M' falsifying 
$. 

3.1 Model Contraction of Executability Laws 

To contract an executability law cp — > (a)T from one model, one intuitively 
removes arrows leaving yj-worlds. In order to succeed in the operation, we 
have to guarantee that in the resulting model there will be at least one 
y)-world with no departing o-arrow. 

Definition 3.1 Let Jt = (W,R). Jf = (W,Bf) G ^~^ {a)T if and only if 

• W = W 

• R' C R 

• If{w,w') eR\R', then \=ip 

• There is w G W s.t. W ip — > (a)T 

Observe that ^~_^/ a \ T 7^ if and only if (p is satisfiable in W. Moreover, 

j% G ^~_,/ a \y if and only if ^ ip — > (o)T. 

To get minimal change, we want such an operation to be minimal w.r.t. 
the original model: one should remove a minimum set of arrows sufficient 
to get the desired result. 

Definition 3.2 contract{M ', (p — > (a)T) = [j min{.^ _ _, > T , ■< ^} 
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And now we define the sets of possible models resulting from the con- 
traction of an executability law in a set of models: 

Definition 3.3 Let M. be a set of models, and ip — > (a)T an executability 
law. Then 



M 



¥>-»(a)T 



= {M 1 : M' = Mu{^'},^' G contract^ , ip -> {a)T),J( G M} 



In our running example, consider A4 = {-#}, where ^ is the model in 
Figure 4. When the agent discovers that even with a token she does not 
manage to buy a coffee any more, she has to change her models in order 
to admit (new) models with states where token is the case but from which 
there is no 6wy-transition at all. Because having just one such world in 
each new model is enough, taking those resulting models whose accessibil- 
ity relations are maximal guarantees minimal change. Hence we will have 



M 



token — >(buy)T 



= {M U {.£[}, M U {J?£},M U {~# 3 '}}, where each JC[ is 



depicted in Figure 5. 



M{ : 



(-.t, c, ft) 




6 (f, -ic, A) 



(it, -.c, -fy (t, -ic, -ift) (-it, -ic, A) 



(-.t, c, ft) 




(it, -ic, -.^ (t, -ic, -ife) (it, ic, ft) 



« = 



(it, c, ft) 




(t, -ic, ft) 



(nt, -ic, -.^ (t. -ic, -./i) (it, -ic, ft) 



Figure 5: Models resulting from contracting token — > (buy)T in the model 
^# of Figure 4. 

Clearly, if ip is not satisfied in A4, i.e., |= -k/j for all ./# G AW, then 
the contraction of <p — > (a)T does not succeed. In this case, —xp should be 
contracted from the set of models (see further in this section). 
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3.2 Model Contraction of Effect Laws 

When the agent discovers that there may be cases where after buying she 
gets no hot beverage, she must e.g. give up the belief token — > [buy]hot in her 
set of models. This means that token A (buy)^hot shall now be admitted in 
at least one world of some of her new models of beliefs. Hence, to contract 
an effect law tp — > \a\ij) from a given model, intuitively we have to add arrows 
leaving </?-worlds to worlds satisfying —>ip. The challenge in such an operation 
is how to guarantee minimal change. 

In our example, when contracting token — > [buy]hot in the model of 
Figure 4 we add arrows from token-worlds to -i/ioi-worlds. Because coffee — > 
hot, and then -i/ioi — > -^coffee, this should also give (buy) -^coffee in some 
token-world (^coffee is relevant to ->hot, i.e., to have ->hot we must have 
-^coffee). This means that if we allow for (buy)^hot in some token-world, we 
also have to allow for (buy) -^coffee in that same world. 

Hence, in our example one can add arrows from to/cen-worlds to —>hot A 
-^coffee A token-worlds, as well as to -ihotA -^coffee A ^token (Figure 6). For 
instance, one can add a buy-arrow from {token, -^coffee, ~^hot} to one of these 
candidates (Figure 7). 



fcfc 


c, ft) 


/ 


X 


/ 

(t, c, h) 


\ 

6 (i, -.c, /i) 


>J {t"c 


,-iAJ (^t, -ic, ft) 



Figure 6: Candidate worlds to receive arrows from iofcen-worlds. 

Notice that adding the arrow to {token, -^coffee, ~^hot} itself would make 
us lose the effect ^token, true after every execution of buy in the original 
model (|= token — > [buy]^token) . How do we preserve this law while allowing 
for the new transition to a -i/ioi-world? That is, how do we get rid of the 
effect hot without losing effects that are not relevant for that? We here 
develop an approach for this issue. 

When adding a new arrow leaving a world w we intuitively want to 
preserve as many effects as we had before doing so. To achieve this, it is 
enough to preserve old effects only in w (because the remaining structure of 
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6 (f, "-.c, /t) 




6 



fo,-.c,-./)« - - -(f, -.c, -.h) (-.i,-.c, fe) 



/ 



6 
Figure 7: Two candidate new 6ut/-arrows to falsify token — > [buy]hot in M . 

the model remains unchanged after adding the new arrow). Of course, we 
cannot preserve effects that are inconsistent with -T0 (those will all be lost). 
So, it suffices to preserve only the effects that are consistent with —tip. To 
achieve that we must observe what is true in w and in the target world w'\ 

• What changes from w to w' (w 1 \ w) must be what is obliged to do so: 
either because that is necessary to having —>ij) in w' or because that is 
necessary to having another effect (independent of —iip) in w' that we 
want to preserve. 

• What does not change from w to w' (w D w') should be what is al- 
lowed to do so: certain literals are never preserved (like token in our 
example), then when pointing the arrow to a world where it does not 
change w.r.t. the leaving world (^hotA^coffeeAtoken in our example), 
we lose effects that held in w before adding the arrow. 

This means that the only things allowed to change in the candidate target 
world must be those that are forced to change, either by some non-related 
law or because of having —iip modulo a set of states W. In other words, we 
want the literals that change to be at most those that are sufficient to get -it/) 
modulo W, while preserving the maximum of effects. Every change outside 
that is not an intended one. Similarly, we want the literals that are preserved 
in the target world to be at most those that are usually preserved in a given 
set of models. Every preservation outside those may make us lose some law. 
This looks like prime implicants, and that is where prime subvaluations play 
their role: the worlds to which the new arrow will point are those whose 
difference w.r.t. the departing world are literals that are relevant and whose 
similarity w.r.t. it are literals that we know do not change. 
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Definition 3.4 (Relevant Target Worlds) Let Jt = (W,R) be a model, 
w,w' G W, M. a set of models such that M G M., and cp — > [a]ip an effect 
law. Then w' is a relevant target world of w w.r.t. ip — > [a]ip for M in M. 
if and only if 



• for all £ G w' \ w 



— either there is v G base{^tj), W) s.t. v C u/ and le» 

— or there is ip' G 5rn[ s.t. ttere is 1/ G base(ip' , W) s.t. 1/ C w' , 
£ G i/ ; and /or every _#i G .M, |= '[a]^' 

• /or all £ £ w C\w' 

— either there is v G base{-^ip, W) s.t. v C w' and £ <E v 

— or there is Mi G A4 such that ^ l \a]->£ 



By RelTarget(w,ip — > [a]ip , ^ , M.) we denote the set of all relevant target 
worlds of w w.r.t. ip — > [a]ip for j$ in M.. 

Note that we need the set of models M (and here we can suppose it 
contains all models of the theory we want to change) because preserving 
effects depends on what other effects hold in the other models that interest 
us. We need to take them into account in the local operation of changing 
one model: 8 

Definition 3.5 Let Jt = (W,R), and M be such that J{ G M. Then 
.£' = (W 1 , R') G M~,,, if and only if 

• W = W 

• RC r! 

• // (w, w') e R'\R, then w' G RelTarget(w, p — > [a]^, Jt , M) 

• There is w G W s.t. p <p — > [a]ip 



8 The reason we do not need M in the definition of the local (one model) contraction 
of executability laws ^~^, a \ T is that when removing arrows there is no way of losing 
effects, as every effect law that held in the world from which an arrow has been removed 
remains true in the same world in the resulting model. 
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Observe that s^~a , , 7^ if and only if tp and ->ip are both satisfiable 

in W. Moreover, ./# G ^~_^r a i^ if and only if \£ ip — > [a)x[). 

Because having just one world where the law is no longer true in each 
model is enough, taking those resulting models whose accessibility relations 
are minimal w.r.t. the original one guarantees minimal change. 



Definition 3.6 contractual ', <p — > [a]ip) = ljmin{. 



'tp— >[a]ip 



■,^J(} 



Now we can define the possible sets of models resulting from contracting 
an effect law from a set of models: 



Definition 3.7 Let M. be a set of models, and ip — > [a]tp an effect law. 
Then 

M v^[ a u = i M ' '■ M ' = MU{J?'},J?' G contract^ , tp -»■ [a]^),-#f G M} 



Taking again Ad = {^#}, where ^ is the model in Figure 4, after con- 
tracting token -> [buy]hot from M we get M~ oken _^ [buy]hot = {Mu{.^{}, MU 
^2}, M U {^#3}}, where all ^#/s are as depicted in Figure 8. 



(pt, c, fe) 




6 (t,-iC,7t) 



^o' 




(-.t, -.c, -1^ (t, -ic,-.fe) (-.f, -ic, A) 

i 



6 (t,-ic,ft) 



(^-.c,-.^. (t, -.c, -.£) (-.t,-.c, A) 




(f, -.c, -ife) (-.t, -ic, /i) 



Figure 8: Models resulting from contracting token — > [6m/]/io£ in the model 
^# of Figure 4. 
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In both cases where <p is not satisfiable in j% or ip is valid in ^#, of course 
our operator does not succeed in falsifying ip — > [a]ip (cf. end of Section 3.1). 
Intuitively, prior to doing that we have to change our set of possible states. 
This is what we address in the next section. 

3.3 Model Contraction of Static Laws 

When contracting a static law from a model, we want to admit the existence 
of at least one (new) possible state falsifying it. This means that intuitively 
we should add new worlds to the original model. This is quite easy. A very 
delicate issue however is what to do with the accessibility relation: should 
new arrows leave/arrive at the new world? If no arrow leaves the new added 
world, we may lose some executability law. If some arrow leaves it, then we 
may lose some effect law, the same holding if we add an arrow pointing to 
the new world. On the other hand, if no arrow arrives at the new world, 
what about the intuition? Is it intuitive to have an unreachable state? 

All this discussion shows how drastic a change in the static laws may 
be: it is a change in the underlying structure (possible states) of the world! 
Changing it may have as consequence the loss of an effect law or an exe- 
cutability law. What we can do is choose which laws we accept to lose and 
postpone their change (by the other operators). Following the tradition in 
the RAA community which states that executability laws are, in general, 
more difficult to formalize than effect laws, and hence are more likely to 
be incorrect, here we prefer not to change the accessibility relation, which 
means preserving effect laws and postponing correction of executability laws, 
if needed, (cf. Sections 4.3 and 10 below). 

Definition 3.8 Let Jt = ( W,R). -M' = {W,R') e JH~ if and only if 

• W C W 

• R = R' 

• There is w e W 1 s.t. tt <z> 

" w 

Notice that we have ./#~ = if and only if cp is a tautology. Moreover, 



^# & ^ v if and only if p </?. 

The minimal modifications of one model are defined as usual: 

Definition 3.9 contract{M , (p) = ljmin{^#~, d^^} 
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And now we define the sets of models resulting from contracting a static 
law from a given set of models: 

Definition 3.10 Let M be a set of models, and <p a static law. Then 

M~ = {M' :M' = MU {JZ'},J£' e contract^, tp),jft e M} 



In our scenario example, if M = {^#}, where j% is the model in Figure 4, 
then contracting coffee — > hot from M. would give us ^^offee^/iot = i-^ ^ 
{./#/}, A4 U {~# 2 '}}i where each M[ is as depicted in Figure 9. 



Jl[ : 



(-it, C, ft) (t, C, -ift) 




b (t^c, ft) 



(-.t, -ic, -i^ (t, -ic,-ife) (-.t, -ic, ft) 



r 2 ' : 



(-.*, c, -.ft) (-.i, 


c,ft) 
V 


/ 


\ 


/ 

(f, c, ft) 


\ 

6 (t,-.e,ft) 


(^i, -.c, -.^ (i,-ic 


,-i/j) (-.t,-.c, A) 



Figure 9: Models resulting from contracting coffee — > ftoi in the model ^# 
of Figure 4. 

Notice that by not modifying the accessibility relation all the effect laws 
are preserved with minimal change. Moreover, our approach is in line with 
intuition: when learning that a new state is now possible, we do not nec- 
essarily know all the behavior of the actions in the new added state. We 
may expect some action laws to hold in the new state (see Section 10 for 
an alternative solution), but, with the information we dispose, not touching 
the accessibility relation is the safest way of contracting static laws. 

4 Syntactic Operators for Contraction of Laws 

Now that we have defined the semantics of our theory change, we turn 
our attention to the definition of syntactic operators for changing sets of 
formulas. 

As Nebel [40] says, "[. . .] finite bases usually represent [. ..] laws, and 
when we are forced to change the theory we would like to stay as close 
as possible to the original [. . . ] base." Hence, besides the definition of 
syntactical operators, we should also guarantee that they perform minimal 
change. 
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By 7^ we denote in the sequel the result of contracting a law ^ from the 
set of laws T. 

4.1 Contracting Executability Laws 

For the case of contracting ip — > (a)T from an action theory, first we have 
to ensure that the action a is still executable in all those contexts where -up 
is the case. Second, in order to get minimality, we must make a executable 
in some contexts where (p is true, viz. all tp- worlds but one. This means 
that we can have several action theories as outcome. Algorithm 1 gives a 
syntactical operator to achieve this. 

Algorithm 1 Erasure of an executability law 
input: T, <p — > (a)T 
output: CT^ (a)T 

1: T , ST :=0 

2: if T\=^ DL (p -^ ( a ) T then 

3: for all vr <E IP(S A ip) do 

4: for all A C atm(ir) do 

5: fA-= A„,. e ^)ftAA 



if S ^ pL (7T A ip A ) -> -L then 



T , := I (T\X a )U 

\ {(<pi A -n(ir A ip A )) -> (o)T : ipi -> (o)T e #J 

ip—>{a) I tp— >{a) I L > 



9: else 

io: 7- , . T := {t} 

return 7*~ , >-,- 



Observe that from the finiteness of 7" and that of atm(ir), for any 7r € 
IP(<S Ay), and the decidability of PDL [20] and of classical propositional 
logic, it follows that Algorithm 1 terminates. 

In our running example, contracting the executability law token — > 
(buy)T from the action theory 7" would give us 7^ oken ^ {huy)T = {T{,T£,TJ}, 
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where: 



T (={ 



T'=l 



n = 



coffee — > hot, -^coffee — > [buy]coffee, 

tokens [buy]-itoken, -^token — > [6m/]_L, 

coffee — > [fiuj/] coffee, ^°^ ~^ [6m/]/io£, 

(token A ^coffee A /ioi) — > (buy)T, 

(token A -< coffee A -i/toi) — > {buy)T 

coffee — > hot, -^coffee — > [buy]coffee, 

tokens [buy]-*token, ->token — > [6uy]_L, 

cojfee — > [buy]coffee, hot — > [buy]hot, 

(token A coffee A fto£) — > (buy)T, 
(token A -* coffee A -i/ioi) — ► (buy)T 

coffee — > hot, -^coffee — > [buy]coffee, 

tokens [buy]->token, ->token — > [6wy]_L, 

coffee — > [buy]coffee, hot — > [buy]hot, 

(token A coffee A /io£) — > (buy)T, 

(token A ^coffee A /ioi) — > (buy)T 



Now the knowledge engineer has only to choose which theory is more in 
line with her intuitions and implement the changes (cf. Figure 5). 

4.2 Contracting Effect Laws 

When contracting y> — > [a]'0 from a theory T, intuitively we should contract 
some effect laws that preclude —iip in target worlds. In order to cope with 
minimality, we must change only those laws that are relevant to ip — > [a\tp. 
Let Sa denote a minimum subset of £ a such that S,£t hpni^ ~^ t a ]^' 
In the case the theory is modular [25] (see further), such a set always exists. 
Moreover, note that there can be more than one such a set, in which case 
we denote them (£a )i, ■ ■ ■ , (££ )»• Let 



s- = 



Ki<n 



<p,i>' 



The laws in £ a will serve as guidelines to get rid of (p — > [a]ip in the theory. 

The first thing we must do is to ensure that action a still has effect tp 
in all those contexts in which <p does not hold. This means we shall weaken 
the laws in £„ specializing them to -up. Now, we need to preserve all 
old effects in all (/^-worlds but one. To achieve that we specialize the above 
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laws to each possible valuation (maximal conjunction of literals) satisfying 
ip but one. Then, in the left (^-valuation, we must ensure that action a has 
either its old effects or -it/} as outcome. We achieve that by weakening the 
consequent of the laws in £~ . Finally, in order to get minimal change, we 
must ensure that all literals in this tp- valuation that are not forced to change 
in -i^-worlds should be preserved. We do this by stating an effect law of the 
form ((fik A i) — > [a](ip V £), where ipk is the above (/> valuation. The reason 
this is needed is clear: there can be several -^-valuations, and as far as we 
want at most one to be reachable from the ^-world, we should force it to 
be the one whose difference to this (/^-valuation is minimal. 

Again, the result will be a set of action theories. Algorithm 2 below gives 
the operator. 

The reader is invited to check that Algorithm 2 always terminates (cf. 
Section 4.1). 

For an example of execution of the algorithm, suppose we want to con- 
tract the effect law token — > [buy]hot from our theory T. We first determine 
the minimum sets of effect laws that together with S entail token — > [buy]hot. 
They are 

r token,hot\ _/ c °ff ee ->■ [buy] coffee, 



( £bu y \ ^coffee -> [buy] coffee 



token,hot\ { hot — ► [buy]hot, 
buy \ -i coffee —> [buy] coffee 



Now for each context where token is the case, we weaken the effect laws in 
£ buy = y £ buy h u \ £ buy h- Given S = {coffee -> hot}, such contexts 
are token A coffee A hot, token A ^coffee A ->hot and token A -^coffee A hot. 

For token A coffee A hot: we replace in Tthe laws from £7 by 

{coffee A -^(token A coffee A hot)) — > [buy] coffee, 

(hot A -i(tofcen A coffee A hot)) — > [buy]hot, 
(^coffee A -^(token A coffee A hot)) — > [buy]coffee 

so that we preserve their effects in all possible contexts but tokenAcoffeeAhot. 
Now, in order to preserve some effects in token A coffee A hot-contexts while 
allowing for reachable -i/toi- worlds, we add the laws: 

(token A coffee A hot) — > [buy](coffee V ->hot), 
(token A coffee A hot) — > [buy](hot V ^coffee) 
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Algorithm 2 Contraction of an effect law 



input: T, ip — > [a]ip 
output: T~ , , , 

1: T" M ,:=0 

2: if T^ DL (^^[a]Vthen 

3: for all 7T G IP(S A p) do 

4: for all A C atm(n) do 

6: if 5 ^ p| _(vr A ipa) — > i- then 

7: for all tt' G ZP(«S A ^/>) do 

((T\e-)\j 

8: T': = {(^A-.(7rAy>A))->[a]^:¥»i-»-[a]^e£-}U 

V {(<£; A 7T A 9?a) -> [a]{ipi V 7r') : (ft -> [o]^ G £~} 

9: for all I C £it do 

10: if 5 ^ pL (7T A ^a) -> A| G L I and 5 ^ PL ( 7r ' A A^gL *) ~> J- 

then 

11: for all i G L do 

12: if T^ DL (vr A <p a A £) -> [o]-i£ or £ G tt' then 

13: T':=T'u{(7rA^ A £) ^ [a](ip V £)} 

14: T~ M; := T~ M; U{7~'} 

15: else 



16: CT M/ := {7} 
return 7*~ , , , 
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Now, we search all possible combinations of laws from E h that apply on 
token A coffee A hot contexts and find token — > [buy]^token. Because -^token 
must be true after every execution of buy, we do not state the law (token A 
coffee A hot) — ► [buy](hot V token), and end up with the theory: 

coffee — > hot, token — > {buy)T, 
tokens [buy]->token, -^token — > [6m/]_L, 
(coffee A ^(token A coffee A hot)) — > [6wy] co_/fee, 
T/ = ^ (/ioi A -^(token A coffee A hot)) — > [6m/]/io£, 

(-> coffee A -^(token A coffee A hot)) —>■ [buy]coffee, 
(token A coffee A hot) — > [buy](coffee V -ihot), 
(token A coffee A hot) — > [buy](hot V -^coffee) 



On the other hand, if in our language we also had an atom p with the same 
theory T, then we should add a law (token A coffee A hotAp) — > [&ui/](/iotVp) 
to meet minimal change by preserving effects that are not relevant to —tip. 

The execution for contexts token A ^coffee A ^hot and token A ^coffee A hot 
are analogous and the algorithm ends with 77, r , ,, , = {T-l ,TJ,TJ\, 

° ° token— y[buy\not L J- ' *' J J ' 

where: 



T' - 



coffee — > /toi, tofcen — > {buy)T, 



token — > [buy]- 

(coffee A -^(token A - 

(hot A -^(token A - 

(-^coffee A -^(token A 

(token A -^coffee A 



token, ->token —> [buy]-L, 
^coffee A ->hot)) — > [buy]coffee, 
^coffee A -*hot)) — > [6m/]/ioi, 
-^coffee A -*hot)) — > \buy\coffee, 
-'hot) —> [buy](coffee\J -*hot) 



T 1 - 

2 3 — 



coffee — > hot, token — > {buy)T, 

tokens [buy]->token, -^token — > [6m/]_l_, 

(coffee A -^(token A -^coffee A hot)) — > [buy]coffee, 

(ftot A -'(token A -^coffee A hot)) —>■ [buy]hot, 

(^coffee A -^(token A -^coffee A hot)) — > [buy]coffee, 

(token A -^coffee A hot) — > [buy](hot V -^coffee), 

(token A -^coffee A hot) — > [buy](coffee V -i/iot) 



Looking at Figure 8, we can see the correspondence between these the- 
ories and their respective models. 
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4.3 Contracting Static Laws 

Finally, in order to contract a static law from a theory, we can use any 
contraction/erasure operator for classical logic. Because contracting static 
laws means admitting new possible states (cf. the semantics), just modifying 
the set S of static laws may not be enough for the dynamic logic case. Since 
we in general do not necessarily know the behavior of the actions in a new 
discovered state of the world, a careful approach is to change the theory so 
that all action laws remain the same in the contexts where the contracted 
law is the case. In our example, if when contracting the law coffee — > hot we 
are not sure whether buy is still executable or not, then we should weaken our 
executability laws specializing them to the context coffee — > hot, and make 
buy a priori inexecutable in all ^(coffee — > hot) contexts. The operator given 
in Algorithm 3 formalizes this. 

Algorithm 3 Contraction of a static law 
input: TJ ip 
output: T~ 

2: if S b p| ip then 

3: for all S~ G S Q if do 

/ «x\s)us-)\x a u 

4: T':= feA^( B )T: V ^(a)Te^U 

5: T-:=T-U{T'} 

6: else 

7: T-:={7} 
return 71 



In our running example, contracting the law coffee — > hot from T pro- 
duces T- coffee ^ hot = {T{,TJ}, where 
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T{ = 



T' - 

1 2 — 



-'(-'token A coffee A -ihot), 

(token A coffee — > hot) —>■ (buy)T, 

-^coffee — > [buy]coffee, token — > [6m/]-itofcen, 

-■tofcen — > [6m/] _L, coffee — > [buy]coffee, 

hot — ► [buy]hot, (coffee A ->hot) — > [buy]A. 

-•(token A coffee A -ifiot), 

(token A coffee —> hot) —> (buy)T, 

-^coffee — > [buy]coffee, token — > [&m/]-itofcen, 

-■tofcen — > [6m/]_L, coffee — > [buy]coffee, 

hot — > [buy]hot, (coffee A -i/toi) — > [6m/]_L 



Observe that the effect laws are not affected by the change: as far as we 
do not pronounce ourselves about the executability of some action in the 
new added world, all the effect laws remain true in it. 

If the knowledge engineer is not happy with (coffee A -*hot) — > [6m/]_L, 
she can contract this formula from the theory using Algorithm 2. Ideally, 
besides stating that buy is executable in the context coffee A -*hot, we should 
want to specify its outcome in this context as well. For example, we could 
want (coffee A -ihot) — > (buy)hot to be true in the result. This would require 
theory revision. See Section 7 for the semantics of such an operation. 

5 Correctness of the Operators 

We here address the correctness of our algorithms w.r.t. our semantics for 
contraction. 

5.1 Two Counter-Examples 

Let the theory T= {p 1 — > (a)T,(->p 1 Vp 2 ) — > [a]_L, [a]-ip 2 } an d consider 
its model M depicted in Figure 10. (Notice that T\= ^(p 1 Ap 2 ).) When 
contracting p 1 — > [a]-ij? 2 nl -^ ■> we § e * • y ^' m Figure 10. 



Now contracting p 1 
{T'}, where 

T' = 



n», from Tusing Algorithm 2 gives T~ r , 



V\ -> (a)T, (~>pi V p 2 ) -> [a]±, 
(Pi A->p 2 ) -> [a](->j> 2 Vp 2 ), 
(Pi A-^ 2 ) -> M(^>2 VPi) 



Notice that the formula (p\A^p 2 ) — > [o\(~^P2 Vpi) is put in T' by Algorithm 2 
because there is {pi\ C £it such that S W p , (p\ A p 2 ) — > _L and T ^ DL 



2N 



v.- 

Q 



^1 > -'^2) ^ — ► f'fi ■ ^2) 




(^1 j P2) ( n Pi ■ £2 ) 



Figure 10: A model ^ of Tand the result ^#' of contracting p 1 — > [a]-ip 2 
in it. 



' as 



(Pi A "'Pi) ~ > ' M -1 ^- Clearly \£ T and no theory in !T^, , has 
model. This means that the contraction operators are not correct. 

This issue arises because Algorithm 2 tries to allow an arrow from the 
Pi A -'P2" wor ld to a p 2 -world that is closest to it, viz. {pi,^}) but has no way 
of knowing that such a world does not exist. A remedy for that is replacing 
the test T^ DL (7r' A f\ ieL £) -> -1 for 5 ^ p| _ (tt' A AfeL^) -> - 1 , but that 
would increase even more the complexity of the algorithm. A better option 
would be to have S 'complete enough' to allow the algorithm to determine 
the worlds to which a new transition could exist. 

The other way round, it does not hold in general that the models of 
each T G T^ result from the semantic contraction of models of T by 0. 
To see this suppose that there is only one atom p and one action a, and 
consider the action theory T = {p — > [a]_L, (a)T}. The only model of Tis 
■* = ({hp}}A({^P},{^P})}) in Figure 11. 







Figure 11: Incompleteness of contraction: a model j$ of Tand a model j$' 
of the theory resulting from contracting p — > (a)T from T. 

By definition, contract{^,p — > (o)T) = {~#}. On the other hand, 
T~_, yj- is the singleton {T} such that T = {p — > [o]JL, ->p — > (a)T}. Then 
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^#' = ({{ _, p}, {p}}, ({ _, p}i { _, p})) in Figure 11 is a model of the contracted 
theory. Clearly, ^#' does not result from the semantic contraction of p — > 
(a)T from ^#: while -ip is valid in the contraction of the models of T, it 
is not valid in the models of T' . This means that the operators are not 
complete. 

This problem occurs because, in our example, the worlds that are for- 
bidden by T, e.g. {p}, are not preserved as such in T . When contracting an 
executability or an effect law, we are not supposed to change the possible 
worlds of a theory (cf. Section 3). 

Fortunately correctness of the algorithms w.r.t. our semantics can be 
guaranteed for those theories whose S is maximal, i.e., the set of static laws 
in S alone determine what worlds are authorized in the models of the theory. 
This is the principle of modularity [25] and we briefly review it in the next 
section. 

5.2 Modular Theories 

Definition 5.1 (Modularity [25]) An action theory T is modular if and 

only if for every <p e ffmt, ifT^^ip, then S \^ PL ^>- 

For an example of a non-modular theory, suppose that the action theory 
Tof our coffee machine scenario were stated as 

coffee — > hot, (buy)T, 

^coffee -> [buy]coffee, 

token — > [buy]-itoken, ->token — > [buy]-L, 

coffee —> [buy]coffee, hot — > [buy]hot 

The modified law is underlined: we have (in this case wrongly) stated that 
the agent can always buy at the machine. Then T (=«_. token and S W p , 
token. 

As the underlying multimodal logic is independently axiomatized (see 
Section 2.1), we can use the algorithms given by Herzig and Varzinczak [25] 
to check whether an action theory satisfies the principle of modularity. 
Whenever this is not the case, the algorithms return the Boolean formu- 
las entailed by the theory that are not consequences of S alone. For the 
theory Tabove, they would return {token}: as we stated (buy)T, from this 
and ^token — > [buy]A. we get T \= token. Because S \/= p . token, token is 
what is called an implicit static law [23] of T? 



Implicit static laws are very closely related to veridical paradoxes [44]. It turns out 
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Modular theories have interesting properties. For example, consistency 

can be checked by just checking consistency of the static laws in S: if Tis 

modular, then T[= . _L if and only if S t„, _L. Deduction of effect laws does 
' ' pdl J ' CPL 

not need the executability ones and vice versa. Deduction of an effect of a 
sequence of actions a\\ . . . ; a n (prediction) does not need to take into account 
the effect laws for actions other than ai, . . . , a n . This applies in particular 
to plan validation when deciding whether (ai; . . . ; a^if is the case. 

Similar notions to modularity have been investigated in the literature on 
regulation consistency [7], Situation Calculus [2, 24], DL ontologies [8, 26] 
and also in dynamic logic [56]. For more details on modularity in action 
theories, see the work by Varzinczak [51]. 

Theorem 5.1 Tis modular if and only if the big model of Tis a model ofT. 

Proof: Let y$u g = ( Wbi g , Ru g ) be the big model of T. 

(=$■): By definition, ^ug is such that \= h%g S A£. It remains to show that 
|= h ' 3 X . Let ifi — > {a)T £ X a , and let w £ Wbig be such that (= 6 *Vi- There- 



fore for all <pj £ gmt such that T |= ipj — > [a]_L, we must have ^ ""ipj, 
because T\= -*(ipi Aifj), and as Tis modular, S \= .->((piA<pj), and hence 

|= b ' 9 ^((pi A ipj). Then by the construction of ^\,igi there is some w' £ Wu g 
such that \=' h ' g ih for all <p — > \a\ib £ £ n such that |= h ' 9 (p. Thus RJw) ^ 

and |= h,9 (pi — >• (a)T. 

(<=)■ Suppose Tis not modular. Then there must be some <p £ S'mt such 
that T\= .ip and S Wp\ <P- This means that there is v £ val(S) such that 
v 1/ ip. As v £ W^g (because Wu g contains all possible valuations of 5), 
Mug is not a model of T ■ 

5.3 Correctness Under Modularity 

The following theorem establishes that the semantic contraction of a formula 
^ from the set of models of an action theory T produces models of some 
contracted theory in T^ . 

Theorem 5.2 Let T be modular, and <P be a law. For all M! £ M~^ such 

that \= T for every M £ M., there is T' £ T^ such that \= T' for every 
M' £ M'. 



that they are not always intuitive. For a deep discussion on implicit static laws, see the 
article by Herzig and Varzinczak [27]. 
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Proof: See Appendix A. ■ 

The next theorem establishes the other way round: models of theories 
in T^ are all models of the semantic contraction of # from models of T. 

Theorem 5.3 Let T be modular, <P a law, and T' £ T^. For all j$' such 

that \= T , there is A4' £ M.~j, such that M' £ M! and \= T for every 

..de M. 

Proof: See Appendix B. ■ 

With these two theorems one gets correctness of the operators: 

Corollary 5.1 Let T be modular, <P a law, and T' ET^. Then T hp DL ^ 
if and only if \= \P for every M' £ M! such that M! £ M$ for some M. 
such that \= T for all ^# £ M.. 

Proof: 

(=>): Let Jt' be such that \= T. By Theorem 5.3, there is M £ M$ such 

that J%' £ M 1 for some M such that |= Tfor all ^ £ M.. From this and 
V hp DL ^, we have |= &. 

(<=): Suppose T bpni^- (We show that there is some model M' £ M! such 

that M' £ M$ for some M with |= Tfor all Jt £ M, and p &.) 

Given that Tis modular, by Lemma B.l T is modular, too. Then, by 

Lemma B.3, there is jg' = (val(S'), R') such that ^*V Clearly \^'t', and 
from Lemma B.4 the result follows. ■ 



6 Assessment of Postulates for Change 

Do our action theory change operators satisfy the classical postulates for 
change? Before answering this question, one should ask: do our operators 
behave like revision or update operators? We here address this issue and 
then show which postulates for theory change are satisfied by our definitions. 

6.1 Contraction or Erasure? 

The distinction between revision/ contraction and update/erasure for classi- 
cal theories is historically controversial in the literature. The same is true 
for the case of modal theories describing actions and their effects. We here 
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rephrase Katsuno and Mendelzon's definitions [31] in our terms so that we 
can see to which one our method is closer. 

In Katsuno and Mendelzon's view, contracting a law <P from an action 
theory T intuitively means that the description of the possible behavior of 
the dynamic world Tmust be adjusted to the possibility of § being false. 
This amounts to selecting from the models of —>$ those that are closest to 
models of Tand allow them as models of the result. 

In contrast, update methods select, for each model jtft of T, the set of 
models of <P that are closest to ^#. Erasing <P from Tmeans adding models 
to T; for each model ^jf, we add all those models closest to ^ in which <P is 
false. Hence, from our constructions so far it seems that our operators are 
closer to update than to revision. 

Moreover, according to Katsuno and Mendelzon's view [31], our change 
operators would also be classified as update because we make modifications 
in each model independently, i.e., without changing other models. 10 Besides 
that, in our setting a different ordering on the resulting models is induced 
by each model of T (see Definitions 3.3, 3.7 and 3.10), which according to 
Katsuno and Mendelzon is a typical property of an update/erasure method. 

Nevertheless, things get quite different when it comes to the postulates 
for theory change. 

6.2 The Postulates 

We here analyze the behavior of our action theory change operators w.r.t. 
Katsuno and Mendelzon's postulates and variants. Let T= S\J£\JX denote 
an action theory and <!> denote a law. 

Monotonicity Postulate: T[= D1 _T / , for all T <E 7|. 

This postulate is our version of Katsuno and Mendelzon's (CI) and (El) 
postulates for contraction and erasure, respectively, and is satisfied by our 
change operators. The proof is in Lemma A.l. Such a postulate is not sat- 
isfied by the operators proposed by Herzig et al. [21]: there when removing 
e.g. an executability law ip — > (a)T one may make ip — > [a]_L valid in all 
models of the resulting theory. 

Preservation Postulate: If 7~^ DL <£, then ^, D[ T^ T\ for all T e 7^. 



Even if when contracting an effect law from one particular model we need to check 
the other models of the theory, those are not modified. 
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This is Katsuno and Mendelzon's (C2) postulate. Our operators satisfy 
it as far as whenever TU, &, then the models of the resulting theory are 
exactly the models of T, because these are the minimal models falsifying <P. 

The corresponding version of Katsuno and Mendelzon's (E2) postulate 
about erasure, i.e., if Tb-.-i^, then hs DL 7 '<-> T', for all T' G TJ, is clearly 
also satisfied by our operators as a special case of the postulate above. 
Satisfaction of (C2) indicates that our operators are closer to contraction 
than to erasure. 

Success Postulate: If T^ DL _L and ^p DL ^, then T ^, DL &, for all T'e7^. 

This postulate is our version of Katsuno and Mendelzon's (C3) and (E3) 
postulates. If # is a propositional <p> G 3"m[, our operators satisfy it, as long as 
the classical propositional change operator satisfies it. For the general case, 
however, as stated the postulate is not always satisfied. This is shown by the 
following example: let T= {—>p,(a)T,p — > [ffl]-L}- Note that Tis modular 
and consistent. Now, contracting the (contingent) formula p — > {a)T from 
Tgives us T = T. Clearly T |=s DL P — > (a)T. This happens because, despite 
not being a tautology, p — ► (o)T is a 'trivial' formula w.r.t. T: since —>p is 
valid in all Tmodels, p — ► {a)T is trivially true in these models. 

Fortunately, for all those formulas that are non-trivial consequences of 
the theory, our operators guarantee success of contraction: 

Theorem 6.1 Let T be consistent, and be an executability or an effect 
law such that S ^ DL ^- If T is modular, then T t4 DL ^ f or every T G 7^. 

Proof: Suppose there is T G T^ such that T |= <P. As Tis modular, 
Corollary 5.1 gives us \= <P for every jtfi 1 G M.' such that M! G M^, where 
M = {Jt :^Tand Jt = (val(S),R)}. 

If |= @ for every J£' G M', then even for Jt" G M'\M we have |= $. 

But jtf" G ^~ for some J( G A4, and by definition \^ $. Hence jft^ = 0, 
and then the truth of <I> in ^# does not depend on R a . Then, whether <P has 
the form ip — > (a)T or ip — > [o]^, for ip,ip € 3tnt, this holds only if 5 hpp, - "/? 
(see Definitions 3.1 and 3.5), in which case we get 5 hp DL ^- ■ 

Equivalences Postulate: If |== "71 <-> T and hp DL ^i <-► ^2, then |= 
T/ <-> T 2 ', for T/ G (TOm and T 2 ' G (T 2 )^. 

This postulate corresponds to Katsuno and Mendelzon's (C4) and (E4) 
postulates. Under modularity and the assumption that the propositional 
change operator satisfies (C4)/(E4), our operations satisfy this postulate: 
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Theorem 6.2 LetT\ an&Ti be modular. If\=T\ <-> T2 and hs DL ^i <-> ^2,< 
i/ien /or each T{ G (^i)$ 2 ttere is Xjf G (^2)^ swc/i i/iai |= T/ <-> 7^', and 



vice-versa. 



Proof: The proof follows straight from our results: since |= T\ <-> T2 and 
|=p D| ^1 <-> ^2) they have pairwise the same models. Hence, given j$ such 

that |= T\ and |= T2, the semantic contraction of ^>\ and that of $2 from ^ 
have the same operations on j$ . As 7i and T2 are modular, Corollary 5.1 
guarantees we get the same syntactical results. Moreover, as the classical 
operator e satisfies (C4)/(E4), if follows that hp D| _T/ <-> T{. ■ 

Recovery Postulate: T 7 U {#} hp DL ^ for a11 7~' G 7J. 

This is the action theory counterpart of Katsuno and Mendelzon's (C5) 
and (E5) postulates. Again we rely on modularity in order to satisfy it. 

Theorem 6.3 Let T be modular. T' U {$} ^, D[ T, for all T G 7J. 

Proof: If TU= #, because our operators satisfy the preservation postulate, 
T = T, and then the result follows by monotonicity. 

Let T \= <P, and let M! denote the set of all models of T . As 7~is 

modular, by Corollary 5.1 every .M 1 G M 1 is such that either |= T (and 

then |= $) or Jt' G contract{Ji ,$) (and then M' G ^$) for some J% 

such that |= T. 

Let M" denote the set of all models of T U {0}. Clearly M" C M', 

by monotonicity. Moreover, every ./#" G M. is such that \= <I>, hence 
M" £ ^t§ for every M such that |= TJ and then „#" £ contract{M , <£), 
for any ^# model of T. Thus jj(" is a model of Tand then T U {<£>} \= T. 

■ 

Let V^# denote the disjunction of all T in T^. 

Disjunctive rule: (T\ V^)^ is equivalent to V (7i)^ V V (^2)0- 

This is our version of (E8) erasure postulate by Katsuno and Mendelzon. 
Clearly our syntactical operators do not manage to contract a law from a 
disjunction of theories T\ V 7^. Nevertheless, by proving that it holds in 
the semantics, from the correctness of our operators, we get an equivalent 
operation. Again the fact that the theories under concern are modular gives 
us the result. 
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Theorem 6.4 Let 71 and Ti be modular, and <P be a law. Then 
^ DL V (Ti V T 2 )l <- (\/ (Ti)^ V \/ CT 2 )*) 

Proof: 

(«=): Let ^T' be such that ^' V (7i)i vV(Tj);. Then ^" V (Ti)^ or 
1= V(^2)i~- Suppose |= V (^1)0 (* ne other case is analogous). Then 
there is (71)' G (71 )^ such that |= (Ti)'. Then by Corollary 5.1, there is 
.M' G .Ml such that „#' G Af, for M a set of models of 71. Then ^#' 



is 



a model resulting from contracting <P from models of 71 , and then ^#' also 
results from contracting ^ in models of 71 VT^, viz. those models of 71. Then 

by Corollary 5.1, there is (71 V T 2 )' G (71 Vf 2 )$ such that ^ (71 V T 2 )', 

and then ^'\/ (71 V T 2 )". 

(=>■): Let j(' be such that ^" V (71 V7" 2 )~. Then there is (71 V %)' G 

(71 Vf 2 )$ such that ^ (71 V T 2 )' . By Corollary 5.1, there is M' G M$ 
such that ,/#' G A4', for A4 a set of models of 71 V 7^. Then ^#' is a model 
resulting from contracting <L> from models of 71 V Tj. Hence ^#' results 
from contracting <L> from models of 71 or from models of T 2 . Suppose the 
former is the case (the second is analogous). Then by Corollary 5.1 there is 

(71)' G (Ti)^ such that ^'(71)', and then \^'\J (71)^. ■ 

We have thus shown that our constructions satisfy (E8) postulate. Nev- 
ertheless there is no evidence whether it is really expected here. This sup- 
ports our position that our operators' behavior is closer to contraction than 
to erasure. To finish up we state a new postulate: 

Preservation of modularity: If T is modular, then every T G 7^ is 
modular. 

Changing a modular theory should not make it nonmodular. This is 
not a standard postulate, but we think that as a good property modularity 
should be preserved across changing an action theory. If so, this means 
that whether a theory is modular or not can be checked once for all and 
one does not need to care about it during the future evolution of the action 
theory, i.e., when other changes will be made on it. Our operators satisfy 
this postulate and the proof is given in Appendix B. 
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7 A Semantics for Action Theory Revision 

So far we have analyzed the case of contraction: when evolving a theory 
one realizes that it is too strong and hence it has to be weakened. Let's 
now take a look at the other way round, i.e., the theory is too liberal and 
the agent discovers new laws about the world that should be added to her 
beliefs, which amounts to strengthening them. 

Suppose the action theory of our scenario example were initially stated 
as follows: 

{coffee — > hot, token — > (buy)T, 
-^coffee— > [buy] coffee, -'token — > [buy]-L, 
coffee — > \buy\coffee, hot — > [buy]hot 

Then the big-model of Tis as shown in Figure 12. 
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Figure 12: Model of the new initial action domain description. 

Looking at model ^ in Figure 12 we can see that, for example, the 
agent does not know that she loses her token every time she buys coffee at 
the machine. This is a new law that she should incorporate to her knowledge 
base at some stage of her action theory evolution. 

Contrary to contraction, where we want the negation of some law to 
become satisfiable, in revision we want to make a new law valid. This means 
that one has to eliminate all cases satisfying its negation. This depicts 
the duality between revision and contraction: whereas in the latter one 
invalidates a formula by making its negation satisfiable, in the former one 
makes a formula valid by forcing its negation to be unsatisfiable prior to 
adding the new law to the theory. 

The idea behind our semantics is as follows: we initially have a set of 
models M in which a given formula & is (potentially) not valid, i.e., # is 
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(possibly) not true in every model in A4. In the result we want to have 
only models of <P. Adding (^-models to Ad is of no help. Moreover, adding 
models makes us lose laws: the corresponding resulting theory would be 
more liberal. 

One solution amounts to deleting from M those models that are not <1>- 
models. Of course removing only some of them does not solve the problem, 
we must delete every such a model. By doing that, all resulting models will 
be models of <&. (This corresponds to theory expansion, when the resulting 
theory is satisfiable.) However, if KA contains no model of <P, we will end 
up with 0. Consequence: the resulting theory is inconsistent. (This is the 
main revision problem.) In this case the solution is to substitute each model 
M in M. by its nearest modification M^ that makes <P true. This lets us 
to keep as close as possible to the original models we had. But, what if for 
one model in KA there are several minimal (incomparable) modifications of 
it validating #? In that case we will consider all of them. The result will 
also be a list of models M$, all being models of 0. 

Before defining revision of sets of models, we present what modifications 
of (individual) models are. 

7.1 Revising a Model by a Static Law 

Suppose that our coffee deliverer agent discovers that the only hot beverage 
that is served on the machine is coffee. In this case, she might want to revise 
her beliefs with the new static law ^coffee — > ~^hot: she cannot hold a hot 
beverage that is not a coffee. 

Considering the model depicted in Figure 12, one sees that the formula 
-^coffee Ahot is satisfiable. As we do not want this, the first step is to remove 
all worlds in which -^coffee A hot is true. The second step is to guarantee 
that all the remaining worlds satisfy the new law. Such an issue has been 
largely addressed in the literature on prepositional belief base revision and 
update [15, 55, 31, 22]. Here we can achieve that with a semantics similar 
to that of classical revision operators: basically one can change the set of 
possible valuations, by removing or adding worlds. 

In our example, removing the possible worlds {t, ->c, h} and {->£, ->c, h} 
would do the job (there is no need to add new valuations since the new 
incoming law is satisfied in at least one world of the resulting model). 

The delicate point in removing worlds is that this may have as conse- 
quence the loss of some executability laws: in the example, if there were 
some arrow pointing from some world w to say {-it, ->c, h}, then removing 
the latter from the model would make the action under concern no longer 
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executable in w, if it was the only arrow labeled by that action leaving it. 
From a semantic point of view, this is intuitive: if the state of the world to 
which we could move is no longer possible, then we do not have a transition 
to that state anymore. Hence, if that transition was the only one we had, it 
is natural to lose it. 

Similarly, one could ask what to do with the accessibility relation if 
new worlds are added, i.e., when expansion is not possible. Following the 
discussion in Section 3.3, we here prefer not to systematically add new arrows 
to the accessibility relation, and postpone correction of executability laws, 
if needed. This approach is debatable, but with the information we have at 
hand, this is the safest way of changing static laws. 

The semantics for revision of one model by a static law is as follows: 
Definition 7.1 Let JZ = { W, R). Jt' = (W, R 1 ) £ Jt* if and only if: 

• W= (W\val(-^(p))Uval(ip) 

• R' C R 



Clearly |= ip for each ./#' £ J%£. The minimal models resulting from 
revising a model jft by ip are those closest to j$ w.r.t. ~<j(.: 

Definition 7.2 Let M be a model and ip a static law. revise(^ , cp) = 
Umin{^* <j(\. 



the 



In the example of model j$ in Figure 12, revise{^ , -^coffee — > ^hot) is 
singleton {.-#'}, where M' is as shown in Figure 13. 
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Figure 13: Model resulting from revising the model j$ in Figure 12 with 
-^coffee — > -'hot 



39 



7.2 Revising a Model by an Effect Law 

Let's suppose now that our agent eventually discovers that after buying 
coffee she does not keep her token. This means that her theory should now be 
revised by the new effect law token — > [buy]^token. Looking at model ^ in 
Figure 12, this amounts to guaranteeing that the formula token A (buy)token 
is satisfiable in none of its worlds. To do that, we have to look at all the 
worlds satisfying this formula (if any) and 

• either make token false in each of these worlds, 

• or make (buy) token false in all of them. 

If we chose the first option, we will essentially flip the truth value of 
literal token in the respective worlds, which changes the set of valuations 
of the model. If we chose the latter, we will basically remove buy-a,rrows 
leading to iofcen-worlds. In that case, a change in the accessibility relation 
will be made. 

In our example, we have that the possible worlds {token, coffee, hot}, 
{token, ^coffee, hot} and {token, -^coffee, ^hot} satisfy token A (buy) token and 
all they have to change. 

Flipping token in all these worlds to ^token would do the job, but would 
also have as consequence the introduction of a new static law: ^token would 
now be valid, i.e., the agent never has a token. 

Here we think that changing action laws should not have as side effect 
a change in the static laws. Given their special status, these should change 
only if explicitly required (see above). In this case, each world satisfying 
tokenA (buy) token has to be changed so that (buy)token is no longer true in it. 
In our example, we should remove the arrows ({token, coffee, hot}, {token, coffee, hot}), 
({token, -^coffee, hot}, {token, coffee, hot}) and ({token, -^coffee, -^hot}, {token, coffee, hot}). 

The semantics of one model revision for the case of a new effect law is: 
Definition 7.3 Let JZ = (W,R). .A 1 = (W,R') <E -4£_> w if and only if: 

• W = W 

• R 1 C R 
If(w,w f ) eR\R!, then \fip 

\= <p -> [a]il> 
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The minimal models resulting from the revision of a model ^ by a new 
effect law are those that are closest to jtft w.r.t. ~<jg: 

Definition 7.4 Let ^ be a model and ip — > [a]ip an effect law. revise(^ , y> - 
[<#) = Umin{^*^ [a]v „ rL#}. 

Taking again ^# as in Figure 12, revise(^ , token — > [fiuj/j-itfoften) will 
be the singleton {^'} (Figure 14). 



(if, c, ^ 
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Figure 14: Model resulting from revising the model j$ in Figure 12 with 
the new effect law token— > [&m/]-itofcen. 



7.3 Revising a Model by an Executability Law 

Let us now suppose that in some stage it has been decided to grant free 
coffee to everybody. Faced with this information, the agent will now revise 
her laws to reflect the fact that buy can also be executed in -itofcen-contexts: 
-■tofcen — > {buy)T is a new executability law (and hence we will have (buy)T 
in all new models of the agent's beliefs). 

Considering again the model in Figure 12, we observe that —i(—itoken — > 
(buy)T) is satisfiable in ^ . Hence we must throw -^token A [5m/]L away to 
ensure the new formula becomes true. 

To remove -^token A [fruj/jL we have to look at all worlds satisfying it 
and modify ^ so that they no longer satisfy that formula. Given worlds 
{-itofcen, -^coffee, -^hot} and {-itoken, -^coffee, hot}, we have two options: change 
the interpretation of token or add new arrows leaving these worlds. A ques- 
tion that arises is 'what choice is more drastic: change a world or an ar- 
row'? Again, here we think that changing the world's content (the valua- 
tion) is more drastic, as the existence of such a world was foreseen by some 
static law and is hence assumed to be as it is, unless we have enough in- 
formation supporting the contrary, in which case we explicitly change the 
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static laws (see above). Thus we shall add a new buy-arrow from each of 
{-itoken,-icoffee,-ihot} and {-'token,-' coffee, hot}. 

Having agreed on that, the issue now is: which worlds should the new 
arrows point to? Recalling the reasoning developed in Section 3.2, in order to 
comply with minimal change, the new arrows shall point to worlds that are 
relevant targets of each of the —'token- worlds in question. In our example, 
{-itofcen, coffee, hot} is the only relevant target world here: the two other 
-ifofcen- worlds violate the effect coffee of buy, while the three token-worlds 
would make us violate the frame axiom -^token — > [buy]^token. 

The semantics for one model revision by a new executability law is as 
follows: 

Definition 7.5 Let JZ = (W,R). .£' = {W,R') G ^*^, a)T if and only 
if: 

• W = W 

• RC R' 

• If(w,w') G R'\R, thenw' G RelTarget(w , (p — > [a]_L, Jt,M) 

•h ^ («) T 

The minimal models resulting from revising a model ^ by a new exe- 
cutability law are those closest to .-# w.r.t. -<j%: 

Definition 7.6 Let M be a model and ip — > (o)T be an executability law. 
revise(j%,<p -> (a)T) = Umin{^'*_ > ^ T , :!#}. 

In our running example, revise(^ , ^token — ► (buy)T) is the singleton 
{-/#'}, where M' is as shown in Figure 15. 

7.4 Revising Sets of Models 

Up until now we have seen what the revision of single models means. This is 
needed when expansion by the new law is not possible due to inconsistency. 
We here give a unified definition of revision of a set of models A4 by a new 
law $: 

Definition 7.7 Let M. be a set of models and <P a law. Then 

t j M\{J( :^<P}, if there is JZ G M s.t. ^ <L> 
{ {J^ £M revise(.^,<P), otherwise 
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fo,-.C, -i^ (f, -.C, -i^t) (-nj,-iC, fe) 



Figure 15: The result of revising model „# in Figure 12 by the new exe- 
cutability law -^token — ► {buy)T. 

Observe that Definition 7.7 comprises both expansion and revision: in the 
first one, simple addition of the new law gives a satisfiable theory; in the 
latter a deeper change is needed to get rid of inconsistency. 

8 Related Work 

To the best of our knowledge, the first work on updating an action domain 
description is that by Li and Pereira [33] in a narrative-based action de- 
scription language [16]. Contrary to us, however, they mainly investigate 
the problem of updating the narrative with new observed facts and (possi- 
bly) with occurrences of actions that explain those facts. This amounts to 
updating a given state/configuration of the world (in our terms, what is true 
in a possible world) and focusing on the models of the narrative in which 
some actions took place (in our terms, the models of the action theory with 
a particular sequence of action executions). Clearly the models of the action 
laws remain the same. 

Baral and Lobo [4] introduce extensions of action languages that allow 
for some causal laws to be stated as defeasible. Their work is similar to 
ours in that they also allow for weakening of laws: in their setting, effect 
propositions can be replaced by what they call defeasible (weakened versions 
of) effect propositions. Our approach is different from theirs in the way 
executability laws are dealt with. Here executability laws are explicit and 
we are also able to contract them. This feature is important when the 
qualification problem [37] is considered: we may always discover contexts 
that preclude the execution of a given action (cf. the Introduction). 

Liberatore [34] proposes a framework for reasoning about actions in 
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which it is possible to express a given semantics of belief update, like Winslett's [55] 
and Katsuno and Mendelzon's [31]. This means it is the formalism, essen- 
tially an action description language, that is used to describe updates (the 
change of propositions from one state of the world to another) by expressing 
them as laws in the action theory. 

The main difference between Liberatore's work and Li and Pereira's is 
that, despite not being concerned, at least a priori, with changing action 
laws, Liberatore's framework allows for abductively introducing in the action 
theory new effect propositions (effect laws, in our terms) that consistently 
explain the occurrence of an event. 

The work by Eiter et al. [12, 13] is similar to ours in that they also 
propose a framework that is oriented to updating action laws. They mainly 
investigate the case where e.g. a new effect law is added to the description 
(and then has to be true in all models of the modified theory). This problem 
is the dual of contraction and is then closer to our definition of revision (cf. 
Section 7). 

In Eiter et a/.'s framework, action theories are described in a variant 
of a narrative-based action description language. Like in the present work, 
the semantics is also in terms of transition systems: directed graphs hav- 
ing arrows (action occurrences) linking nodes (configurations of the world). 
Contrary to us, however, the minimality condition on the outcome of the 
update is in terms of inclusion of sets of laws, which means the approach is 
more syntax oriented. 

In their setting, during an update an action theory Tis seen as composed 
of two pieces, T u and T m , where T u stands for the part of T that is not 
supposed to change and T m contains the laws that may be modified. In our 
terms, when contracting a static law we would have T m = S U X a , when 
contracting an executability T m = X a , and when contracting effects laws 
T m = £~ . The difference here is that in our approach it is always clear what 
laws should not change in a given type of contraction, and T u and T m do 
not need to be explicitly specified prior to the update. 

Their approach and ours can both be described as constraint-based up- 
date, in that the theory change is carried out relative to some restrictions 
(a set of laws that we want to hold in the result). In our framework, for 
example, all changes in the action laws are relative to the set of static laws 
S (and that is why we concentrate on models of Thaving val{S) as worlds). 
When changing a law, we want to keep the same set of states. The differ- 
ence w.r.t. Eiter et al.'s approach is that there it is also possible to update 
a theory relatively to e.g. executability laws: when expanding Twith a new 
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effect law, one may want to constrain the change so that the action under 
concern is guaranteed to be executable in the result. 11 As shown in the 
referred work, this may require the withdrawal of some static law. Hence, in 
Eiter et a/.'s framework, static laws do not have the same status as in ours. 

Herzig et al. [21] define a method for action theory contraction that, 
despite the similarity with the current work and the common underlying 
motivations, is more limited than the present constructions. 

First, with the referred approach we do not get minimal change. For 
example, in the referred work the operator for contracting executability 
laws is such that in the resulting theory the modified set of executabilities 
is given by 

*a = {(<Pi A -■¥>) -> (a)T : ^ -> (a)T G X a } 

which, according to its semantics, gives theories among whose models are 
those resulting from removing arrows from all ip- worlds. A similar comment 
can be made w.r.t. contraction of effect laws. 

Second, Herzig et aZ.'s contraction method does not satisfy most of the 
postulates for theory change that we have addressed in Section 6. Besides 
not satisfying the monotonicity postulate, it does not satisfy the preservation 
one. To witness, suppose we have a language with only one atom p, and the 
model ^# depicted in Figure 16. 





Figure 16: Counter-example to preservation in the method of contraction 
by Herzig et al. [21]. 

Then \= p —> [a\^p and ^ [a] _, P- Now the contraction operator defined 
there is such that when removing [a]^p from ^K yields the model j$' in 

Figure 16 such that R' a = W x W. Then ^t p —> [a]^p, i.e., the effect law 
p — > [a]^p is not preserved. 



We could simulate that in our approach with two successive modifications of 71 first 
adding the effect law and then an executability law (cf. Section 7). 
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9 Comments 

In this section we make some comments about possible modifications or 
improvements in our constructions so far. 

9.1 Other Distance Notions 

Here we have used a model distance based on symmetric differences between 
sets. This distance is quite close to Winslett's [55] notion of closeness be- 
tween interpretations in the Possible Models Approach (PMA). Instead of 
it, however, we could have considered other distance notions as well, like 
e.g. Dalal's [9] distance, Hamming distance [18], or weighted distance. Due 
to space limitations, we do not develop a through comparison among all 
these distances here. We nevertheless do show that with a cardinality-based 
distance, for example, we may not always get the intended result. 

Let card(X) denote the number of elements in set X . Then suppose our 
closeness between PDL-models was defined as follows: 

Definition 9.1 (Cardinality-based closeness between PDL-Models) 

Let .Jf = (W, R) be a model. Then M 1 = (W, R') is at least as close to M 
as JC" = ( W", R"), noted Jt' <^ J(" , if and only if 



either card( W- W) < card( W- W") 

or card( W- W) = card( W- W) and card(R-R') < card{R-R") 



Such a notion of distance is closely related to Dalal's [9] closeness. 

Since when contracting a static law ip from a model ^ we usually add 
one new possible world, it is easy to see that with this cardinality-based 
distance we get the same result in contract{^ , </?) as with the distance from 
Definition 2.10. 

When it comes to contraction of action laws, and then changing the ac- 
cessibility relations, however, this cardinality-based distance does not seem 
to fit with the intuitions. To witness, consider the model ^# in Figure 17, 
which satisfies the executability law Pi — > {a)T. 

Then, ^(~ -»( >T = {-^"j-^"}) where ^' and j$" are as depicted in 
Figure 18. 

Note that ^#" is an intended contracted model. However, with the 
cardinality-based distance above we will get {~#}~ _>/ yr = {{^ ,^'}}- 
We do not have {^#, ^"} in the result since ^(' <j( ^i' 1 : in ^' only one 
arrow has been removed, while in ^K" two. 
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Pi ■ -^2) 




^Pl < ^2) 



Figure 17: A model M satisfying p 1 — > (a)T. 



(pTTpT) 




(Pl^P-2) 



^Pl j ^P2) 



fel i ~jPg) 



("Pi ; -'P2) 



Figure 18: Models resulting from contracting p 1 — > (a)T in the model ,y# of 
Figure 17. 

9.2 Inducing Executability 

Regarding the semantics for contracting static laws, we could try to go 
further and at least make a guess about what executability laws we should 
preserve. Before doing that, we need a definition. 

Definition 9.2 (Closeness between Valuations) Let v be a propositional 
valuation. The valuation v 1 is as close to v as v" , noted v 1 -< v v" , if and only 
if v—v 1 C v—v". 

So the distance between valuations v\ and V2 is the set of literals on which 
they differ: v x -v 2 = {£ : v x Ih £ and v 2 f £} U {£ : v 2 If- £ and v x f £}. 

Our argument now is as follows: when adding a new world, we can look 
at its contents and see what happens in worlds that are similar to it (by 
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similar here we mean the possible worlds that are closest to it). A priori 
and intuitively we can expect that if we put a new arrow leaving the new 
world, it will neither point to a world that is the target of no other world, 
nor point to a world that is not closest to it. It is reasonable to expect that 
in the new world a given action may have a behavior that is quite similar to 
that which it has in the worlds that are closest to the new one. Hence we 
select the worlds whose distance to the new one is minimal, look at where 
the arrows leaving them point to, and then point the new arrow there. With 
a similar argument, we can decide which arrows targeting the new world add 
to the model. The definition below formalizes this. 

Definition 9.3 Let J?=(W,R). J(' = {W, R') e JC~ if and only if 

• WC W 

• RCR' 

• Ifw'<E W\W, then R'{w') C R(w) and R'-^w') C R~ l {w), 
where w e \J min{ W, dtw'} 



• There is w e W s.t. p </? 



With this new definition, what we do is suppose that some of the known 
laws for the other worlds can still be true in the new state, by analogy to 
the other possible states. In a similar way, when facing a new situation, we 
may wonder how we got there. Again, by analogy with known states, we 
could expect that we get to the new state coming from a state that usually 
produces something similar to what we have now in front of us. In this case 
we have a kind of abduction-like reasoning that may of course be wrong but 
that is not illegal. 

Although intuitive, at least in its motivation, adopting Definition 9.3 
could have some undesirable side effects. For example, if in the semantics 
we decide to add new arrows pointing from and to the new added world, 
then our corresponding operator may not satisfy the monotonicity postulate. 
To see, let 

Pi ®V2,Vi -> [a]p 2 , 



Pi ~> (a) T ,P2 -> M-L 

The only model of Tis ^ = (W, R) such that W = {{p 1 ,^p 2 },{^Pi,P2}} 
and R= {({p 1; -ifr}, {->p 1 ,p 2 })} (Figure 19). 



( frl > ^2) » (-'Pl>P2) 

\ * 



(Pi-^2) ^ > Qi,P2) ^f' : 



• Pl>Pl I 



Figure 19: Counter-example to monotonicity when adding arrows to/from 
new worlds in the semantics of static law contraction. ^ denotes the orig- 
inal model of TJ while ^#' shows the new added world and the candidate 
arrows to add to R a . 

If we contract p l — *• —ip 2 from T, in the semantic result we have only the 

model M' in Figure 19 such that \= p x — > (a)(a)p 2 - Then, we would have 

T' hp DL Pi -> {a)(a)P2, and then T ^ DL T '- 

The very issue with such a semantic characterization however would be 
how to capture it at the syntactic level: what syntax operator for change 
should we have in order to capture this closeness between possible worlds? 
More importantly, since we may be wrong about a guess regarding the exe- 
cutability or an effect of a given action, how can it be rolled back in the new 
theory? These are open questions that we leave for further investigation. 

10 Concluding Remarks 

In this work we have given a semantics for action theory change in terms of 
distances between models that captures the notion of minimal change. We 
have given algorithms to contract a formula from a theory that terminate 
and are correct w.r.t. the semantics (Corollary 5.1). We have shown the 
importance that modularity has in this result and in others. 

Under modularity, our operators satisfy all the postulates for contraction. 
This supports the thesis that our modularity notion is fruitful. 

By forcing formulas to be explicitly stated in their respective modules 
(and thus possibly making them inferable in independently different ways), 
modularity intuitively could be seen to diminish elaboration tolerance [38]. 
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For instance, when contracting a Boolean formula if in a non-modular the- 
ory, it seems reasonable to expect not to change the set of static laws S, 
while the theory being modular surely forces changing such a module. 

It is not difficult, however, to conceive non-modular theories in which 
contraction of a formula ip may demand a change in S as well. As an 
example, suppose S = {ip\ — > ^2} hi an action theory from whose dynamic 
part we (implicitly) infer —>ip2- In this case, contracting —xpi while keeping 
->ip2 would necessarily ask for a change in S. 

We point out nevertheless that in both cases (modular and non-modular) 
the extra work in changing other modules stays in the mechanical level, i.e., 
in the algorithms that carry out the modification, and does not augment in a 
significant way the amount of work the knowledge engineer is expected to do. 
Moreover, considering the evolution of the theory, i.e., future modifications 
one should perform in it, modularity has to be checked /ensured only once, 
since it is preserved by our operators (cf. Lemma B.l). 

While terminating, our algorithms come with a considerable computa- 
tional cost: the entailment test in K n with global axioms is known to be 
PSPACE-complete. Although this may be acceptable (theory change can be 
carried out offline), the computation of IP(.) might result in exponential 
growth. 

We have also extended Varzinczak's studies [52] by defining a semantics 
for action theory revision based on minimal modifications of models. For 
the corresponding revision algorithms, the reader is referred to the work by 
Varzinczak [53]. One of our ongoing researches is on assessing our revision 
operators' behavior w.r.t. the AGM postulates for revision [1]. 

Another issue that drives our future research on the subject is how to 
contract not only laws but any PDL-formula. As defined, the order of appli- 
cation of our operators matter in the final result: if we contract <p and then 
if — > [a]'ip from a theory 7", the result may not be the same as contracting 
if — > [a]ip first and then removing if. This problem would not appear in a 
more general framework in which any formula could be contracted: removing 
if A {ip — > [a]tp) should give the same result as (ip — > [a]ip) A ip. 

Definitions 3.1, 3.5 and 3.8 appear to be important for better under- 
standing the problem of contracting general formulas: basically the set of 
modifications to perform in a given model in order to force it to falsify a 
general formula will comprise removal/ addition of arrows/worlds. The def- 
inition of a general revision/contraction method will then benefit from our 
constructions. 
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Given the connection between multimodal logics and Description Log- 
ics [3], we believe that the definitions here given may also contribute to 
ontology evolution and debugging in DLs. 
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A Proof of Theorem 5.2 

Let T be modular, and <P be a law. For all M' £ M.~^ such that \= T for 
every ^ £ M., there is T £ T^ such that \= T for every ^ £ A4' . 

Lemma A.l T^= D[ T'. 

Proof: Let Tbe an action theory, and T £ T^, for a law. We analyze 
each case. 

Let <I> be of the form <p — > (a)T, for some (p £ gmt. Then T is such that 
T = (T\ X a ) U {fa A -n(7r A ip A )) - (a)T : Vi - (a)T £ X a } 
where % £ IP(S A <p) and <p A = A^—-^ A A Pi6 S^o ^ft, for some A C 

atm{-K). 

Let ^# = (W,R) be such that \= T. It is enough to show that ^ is a 
model of the new laws. For every (cpi A->(tt A(fA)) — > (o)T, for every w £ W, 
if \= (pi A -i(7r A </?a), then |= <^. Because 2~hp DL <£i -> (a)T, \= <pi ->■ (a)T, 
and then R a (w) ^ 0. 

Hence |= 7"'. 
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Let now <P have the form cp — > [a]ip, for (p, if) G Jml. Then T is such that 

(nou 

{(<Pi A — i(7r A ipa)) -> [<#j : ^ -> [<#« G £~} U 
7-' = {(y« A 7T A ^) -> [a](^i V 7r') : ^ -> [a]^ £^"}U 

£ G L, for some L C £it s.t. 
(tt A^a A£) -> [a](-0 V£) : 5 1/ fa' A A* Gi ^) -» -U and £ £ tt' 

or T^ dl (tt A y>A A f) -> [aH 

where £~ = Ui<i< n (£^)i. vr G IP{S A<p), ip A = A„ e ^o ftAA p . 6 ^^y -ft, 

Pi GA Pi £A 



for some ^4 C atm(Tr), and 71 7 G JP(«S A ->^>). 

Let „<# = (W, i?) be such that \= T. It is enough to show that M is a 
model of the added laws. Given (cpi A ->(7r A ^4)) — > [fl]^, for every w; G W, 
if ^= 9?i A — <(7T A <£>a), then |= p*. Because T|= DL <^ -> [a]ipi, \= <pi -> [a]ipi, 
and then \=,ipi for every w' G W^such that (w,w') G i? a . 

For (</3j A tt A <^yi) — > [a]("0i V tt'), for every u> G W, if |= ipiAn A ip A , then 
again |=,^i for every w' G VF such that (w,w') G i? a . 

Now, given (tt A ipA A £) —> [a](ip V £), for every w G W, if |= tt A(pA Al, 
then |= 7T, and then |= 93. Since T\= ip — > [a]ip, we have |= <p — > [a]ip, and 
then \= ,ip for every w' G H^such that (w,w') G i? a . 

Hence |= T' . 

Let $bea propositional <p. Then T is such that 

((T\5)U5-)\Af a U 
T = {((pi A<p)^ (a)T : ^ -► (a)T G AfJ U 
{-V-[a]±} 

for some <S~ G «S G (p. 

Let ^# = ( W, R) be such that \= T. It suffices to show that .M satisfies 
the added laws. 

Since we assume behaves like a classical contraction operator, like e.g. 
Katsuno and Mendelzon's [31], we have b= p ,<S — > <?~, and then, because 

|= S, we have |= S~ . 



57 



Now given (<pi A p) — > (fl)T, for every w £ W, if |= cpi A<p, then |= </^, 

and because |= pi — > (o)T, we have R a (w) ^ 0. 

Finally, for -k^ — > [a]J_, because |= yj, ^# trivially satisfies -up — > [o]_L. 
Hence, ^V. ■ 

Proof of Theorem 5.2 

Let .M = {./# :\^7}, and At' G A4J. We show that there is 7 £ T$ 
such that |=' 7 for every JK' £ M' . 

By definition, each ^' £ M' is such that either |= Tor p <P. Because 
Tg 7^ 0, there must be 7 £ T^. If |= T, by Lemma A.l |= T' and we are 
done. Let's then suppose that p <£. We analyze each case. 

Let $ have the form <p — > (a)T for some <p £ #mL Then Jt' = { W\ R'), 

where W = W, R' = R\R%, with R* = {(w,w') :\= ' (p and (w,w') £ R a }, 
for some ^ £ A4. 

Let u £ W be such that ^ p —> (a)T, i.e., |= ip and R' a {u) = 0. 

Because u lh y>, there must be v £ base(p, W') such that v C u. Let 
7r = Af e^ ^- Clearly n is a prime implicant o£ S Aip. Let also c/?^ = f\^ u \ v A 
and consider 

7 = (T\ *J U {(^ A -n(7r A ^)) -> (a)T : ^ - (a)T G # a } 

(Clearly, T 7 is a theory produced by Algorithm 1.) 

It is enough to show that j$C is a model of the new added laws. Given 
(pi A — i(7r A </?a)) — * (a)T G 7, for every i/; G W 1 , if |= yjj A — >(7r A (^a), then 
1= G?i, from what it follows 1= p;. Because 1= w; — > (a)T, there is w' £ W 

' w w 

such that «/ G R a (w). We need to show that (w,w') £ R' a . If ^ y, then 

i?^ = 0, and (w, w') £ R' a . If |= p, either w = u, and then from |= n A pa 

we conclude |= (pi A — i(7r A Pa)) — > («}T, or w ^ u and then we must have 
(w, w') £ R' a , otherwise there is 5£ C R v a such that R-(R\S%) C R-(R\R£), 

and then Jt" = {W,R\ S£) is such that \^" p -> (o)T and ^" ^ ^', 
a contradiction because M 1 is minimal w.r.t. <j(. Thus (w,w') £ R' a , and 
then |^= (a)T. Hence |= 7. 
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Now let <P be of the form cp — > [a]ip, for (p,'ip both Boolean. Then 
.£' = (W, R'), where W = W, R' = R U R^, with 

#£'"* = {(™V) : w' G RelTarget(w,ip^ [aty , J? , M)} 

for some „# = ( W, R) G M. 

Let u£ W'be such that p (/? — > [a]^>. Then there is tt' G W^ such that 



(u,u') G i?' a and p, ^>. Because u lh </?, there is u G base(ip, W') such that 

v C u, and as it' II i|/>, there must be u' G base(^ip, W 1 ) such that 1/ C it'. 

Let 7r = /\ lGv £, ^ a = Ai&i\v^ and k' = l\ l( z v ,L Clearly ty (resp. tt') is a 
prime implicant of S A (p (resp. S A _, (/'). 

Now let £~ = Ui<»<Ti(^a )» an ^ let the theory 

(n«s Q -)u 

{(ipi A -.(7T A <^)) -> [a]^i : <^i -> [a]^ £ ^"} u 

7-' = {(^i A 7r A </?a) -> [a](ipi V 7r') : ^ -> [a]i/>; G £"} U 

£ G L, for some L C £it s.t. 
(vr A9?a A£) -> [a](^ V£) : 5 ty (n' A f\ ieL £) -> 1, and £ G tt' 

or T^ dl (tt A y?A A/)-^[oH 

(Clearly, T' is a theory produced by Algorithm 2.) 

In order to show that „#' is a model of T 1 , it is enough to show that 
it is a model of the added laws. Given (tpi A -1(77 A (£m)) — > [a]^ G T 7 , for 
every w G W^, if 1= w; A — i(7r A 03,4)1 then 1= %, and then 1= w;. Because 

'ill v 1 / ' ' w w 

\= ifi — > [o]^i, |= ; ^ for all «/ G W^such that (k;, u/) G ^ a - We need to show 
that #„(«;) = R a (w). If ^, then tf^ = 0, and then R' a (w) = R a (w). If 
1= ip, then either w = u, and from 1= tt A ip a we conclude 1= (<z>j A — 1(77 A 

' w u ' m v v 

VjO) ~^ M^i; or iu ^ it, and then we must have R^'^ = 0, otherwise there 
would be S^ c i2£'^ such that R-(RuS%>^) C R-(RUR^), and then 
./#" = ( W^i? U S£^) would be such that yf"<p -» [<# and ^T" ^ „#', 
a contradiction since ^#' is minimal w.r.t. ~<J{- Hence R' a (w) = R a (w), and 

|=, ipi for all w' such that (w,w') G i?' a . 

Now, given (^ A7rA(/?^) — > [a](tpi\fn'), for every w G H^, if |= <pi AirAtpA, 
then 1= (pi, and then 1= &;. Because, |= ipi — ► \a]ibi, we have 1= th; for all 

' 111 ' ' 111 ' ' ' L J ' ' I / 
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w' G W^such that (w,w f ) G R ai and then \= t tpi for every w' G W such that 

(«;,«;') G R' a \Rl^. Now, given (>,u/) G R^, ^V, and the result 
follows. 

Now, for each (n AtpA A£) — > [a](ipV£), for every w G W 7 ', if |= 7r A</?a A£, 

then |= 99, and then |= <p. Because |= ip — > [a]V>, we have 1=,^ f° r every 

«/ G W such that (w,w') G -R a > and then |=, -0 for all w' £ W* such that 

w' 

(w,w') G i?' a \ R%'^. It remains to show that |=, £ for every w' £ W* such 
that (w,w') G R^'^ . Since ./#' is minimal, it is enough to show that |= ; £ 
for every £ G £it such that |= n A <^ A £. If £ G 7r', the result follows. 
Otherwise, suppose ^ £. Then 

• either —>£ G 7r', then ir' and £ are unsatisfiable, and in this case Al- 
gorithm 2 has not put the law (ir A p>A A £) — > [a](0 V £) in T', a 
contradiction: 

• or -■£ G tt' \ i/. In this case, there is a valuation u" = (v! \ {->£}) U {£} 
such that u" 1/ 0. We must have u" G VF 7 , otherwise there will be 
1/ = {£{ : £i G u"} such that T|= (71"' A A^gL' ^*) ~~ * -*-' anc '' because 
Tis modular, S \^ PL (^' A f\ ii&L , £i) — > JL, and then Algorithm 2 has 
not put the law (-zr A (/^ A £) — > [a](ip V £) in T 7 , a contradiction. Then 
u" G W 1 , and moreover u" ^ R^'^(u), otherwise j%' is not minimal. 
As u" \ u C u' \ u, the only reason why u" £ R^^(u) is that there is 
£' G u n u" such that |= " f\ t . eu £j — > [a]-^' for every ^ G A4 if and 
only ii £' ^ 1/ for any 7/ G 6ose(-iV,W') such that t/ C u". Clearly 
£' = £, and because £ ^ 7r', we have |= '/\ <igu ^- — > [a]-i£ for every 
^ G A4. Then T|= DL (7r AcpA f\t) — > [a]->£, and then Algorithm 2 has 
not put the law (-7T A <p>A A £ ) — > [a](ip V I) in T' , a contradiction. 

Hence we have |=, ^ V £ for every «/ G W 1 such that («;, w') G i?' a . 

Putting the above results together, we get \= T . 

Let now ^ be some prepositional ip. Then j%' = (W',R'), where W C 
W 7 ', i?' = i?, is minimal w.r.t. -<j£i i- e -> M^ is a minimum superset of M^such 
that there is u G W 1 with u \f ip. Because we have assumed the syntactical 
classical contraction operator is sound and complete w.r.t. its semantics and 
is moreover minimal, then there must be S~ G SQip such that W = val(S~). 

Hence |= <S~. 
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Because R' = R, every effect law of T remains true in j$' . 

Now, let 

((T\S)US-)\X a U 
T = {(ifi A <p) -> (a)T : ip { -> (a}T G X a } U 
{-vp - N-L} 

(Clearly, T is a theory produced by Algorithm 3.) 

For every (ipi A ip) — > {a)T G T and every w G W 1 , if |= cpi A cp, then 
R a {w) t^ 0, because |= ^ — > (a)T. Given -k/? — > [a]_L, for every tu G W ', if 
1= -itp, then w = u, and R a (w) = 0. 

Putting all these results together, we have |= T . ■ 

B Proof of Theorem 5.3 

Let T be modular, $ a law, and T' G T^. For all ^' such that \= T' , there 
is M' G M$ such that Jt' G M' and \= T for every Jt G M. 

Lemma B.l Let <P be a law. IfTis modular, then every T G T^ is modu- 
lar. 

Proof: Let <P be nonclassical, and suppose there is T G T^ such that T 
is not modular. Then there is some ip' G #ml such that T |= ip' and 
iS' Wpi^f'i where S' is the set of static laws in T . By Lemma A.l, T\= T' , 
and then we have T |= ip' . Because <P is nonclassical, S' = S. Thus 
S Wp\}P' ■> anc ' nence ^"is n °t modular. 

Let now ^ be some <p G Jmt. Then 

((T\s)us-)\x a u 

T' = {((pi A<p)^ (a)T : Vi -► (a)T G ATJ U 
{-V-[ a ]±} 

for some <S~ E S Q ip. 

Suppose T is modular, and let tp' G 5"m[ be such that T |= (// and 
5" Vt P{! p'. 

As 5 t^piV'' there is v G wa/(<S ) such that v \f ip' . If v G val(S), then 
iS brpiV'' an( ^ as ^"^ s modular, T^ ip'. By Lemma A.l, T\= T', and we 
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have T U, ip', a contradiction. Hence v £ val(S). Moreover, we must have 
v \f~ p, otherwise Q has not worked as expected. 

Let ./# = (W,R) be such that |= T . (We extend jtft to another model 
of T.) Let JP = (W',R') be such that W = WL){v} and R' = R. To 
show that j$' is a model of T', it suffices to show that v satisfies every law 
in T' . As v G val(S~), \= S~ . Given -up — ► [a]_L G T', as i; 1/ <£ and 
R' a (v) = 0, |= -xp — > [a]_L. Now, for every </?, — > [aj^i G 7"', if |= ipi, then 

we trivially have \= ipi for every v 1 such that (w, v 1 ) G i?' a . Finally, given 
(cpi A y?) — > (a)T G T 7 , as u 1/ ip, the formula trivially holds in v. Hence 
|= T', and because there is v G W 1 such that p ip', we have T' bpni^'' a 
contradiction. Hence for all ip' G 5'ml such that T' |= y/, 5~ t p . <//, and 
then T 7 is modular. ■ 

Lemma B.2 /f -Mug = {Wbi g , Ru g ) is a model of T, then for every M = 
(W,R) such that \= T there is a minimal (w.r.t. set inclusion) extension 
R' C Rhi g \ R such that M' = (val(S), R U R 1 ) is a model of T. 

Proof: Let M\,i g = {Wbig,Ru g ) be a model of T, and let ^t = (W, R) be 
such that \^T. Consider M' = (val(S),R). If \^' % we have R' = C 
Rbig \ R that is minimal. Suppose then p T. We extend ^' to a model 
of Tthat is a minimal extension of j& . As p T, there is v G val(S) \ W 
such that p T. Then there is <P G Tsuch that bt ^. If ^ is some w G Stnt, 
as v G VFfcig, -#w 9 is not a model of T! If <P is of the form ip — > [a]tp, 
for ip,tp G 5'ml, there is r/ G val(S) such that (w, r/) G i? a and if \f ip, & 
contradiction since R a (v) = 0. Let now <? have the form ip — > (a)T for 

some 9J G ffml. Then [=%. As w G W^, if ^c/? -» (a)T, then ^ #6!9 T. 
Hence, Rf, ig (v) p 0. Thus taking any (w, i/) G -R&i Sa gives us a minimal 
#' = {{v, i/)} such that ^"' = (val(S),R U #') is a model of T. ■ 

Lemma B.3 Let T 6e modular, and & be a law. Then T\= <P if and only 
if every ^C = (val(S),R') such that \= ' T and R C R' is a model of<P. 

Proof: 

(=>): Straightforward, as ^"hp DL ^ implies |= for every j$ such that |= T, 
in particular for those that are extensions of some model of T. 
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(<=): Suppose T^ DL #. Then there is „# = {W,R) such that |= Tand 

^A ^. As Tis modular, the big model ^u g = {Whig, Rbig) of Tis a model 
of T. Then by Lemma B.2 there is a minimal extension R' of R w.r.t. R^g 

such that j&' = (val(S),R U R'} is a model of T. Because |A #, there is 

w £ W such that ^fc $. If <?> is some propositional </? G 5"m[ or an effect law, 

any extension j$' of j$ is such that p <£. If <£ is of the form ip — > (a)T, 

then |= 9? and R a (w) = 0. As any extension of „# is such that (w, v) G i?' 
if and only if u G val(S) \ W, only worlds other than those in W get a new 

leaving arrow. Thus (R U R') a (w) = 0, and then ^t $. ■ 

Lemma B.4 LetTbe modular, <P a law, andT' G T^. If \M' = {val(S'), R') 

is a model of T' , then there is M. = \^M : s% = (val(S),R) and \= T} such 
that J(' G M' for some M' G M$. 

Proof: Let Jt' = (val(S'),R') be such that \^' T . If \^' T, the result 
follows. Let's suppose then ^ T. We analyze each case. 

Let <P be of the form ip — > (a)T, for some <p G 5mL Let A4 = {^# : ^ = 
(val(S), R)}. As Tis modular, by Lemmas B.2 and B.3, M. is non-empty 
and contains only models of T. 

Suppose ^' is not a minimal model of T', i.e., there is ^(" such that 
•^" ~<J( *&' f° r some M G M. Then Ji' and M" differ only in the 
executability of a in a given </>world, viz. a 7r A (/^-context, for some 7r G 
IP(S Atp) and ^ = A P . e iM7Tft AA r . eiR n ft such that 4 C atm(7r). 

p»e^ p;(^ 



Because \£ (77 A 1/9,4) —> (o)T, we must have |= (77 A y^) — > (a)T and then 
|= T. Hence ^' is minimal w.r.t. ~<j(- 

When contracting executability laws, S' = S. Hence taking the right R 
and a minimal Ef a such that M = (val(S),R) and R' = R\ R v a , for some 
R v a C {(to, -u;') :^=% and (to, to') G R a }, we construct M' = M U {.#'} G 

tp^{a)T 

Let ^ be of the form ip — > [a]tp, for tp,xp G ^ml. Let A4 = {./# : ^ = 
(val(S), R)}. As Tis modular, by Lemmas B.2 and B.3, M. is non-empty 
and contains only models of T 

We claim that ^#' has only one arrow linking a <p- world, viz. a context 
tpi A 7T A if A for some tt G IP(S A y?) and ip A = A P . 6 5^yft A A P . e ^w ^Pi. 



P; e.4 P ^A 
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such that A C atm(Tr), to a n'- world, where k' G IP(S A -■?/>). The proof is 
as follows: given £ G £it such that £ holds in this (fi A ir A t/^-world 

• if (ttA^a A£) -> [a](^Vf) £ T, then £ ^ vr' and T|= DL (7r A<^ A£) -> 
[a]-i£. Then this world has only -^-successors. 

• if (n A if a A £) — > [a](?/> V£) € T', then every 7r'-successor is an I- world. 

By successively applying this reasoning to each I that holds in this (piAirf\ipA- 
world, we will end up with only one 7r'-successor. 

Suppose now that ./#' is not a minimal model of T' , i.e., there is ^i" 

such that \= T and J£" ~<j( Jt for some Ji G M. Then Jt' and Jt 
differ only in the effects on that ipi A tt A y)^- world : ^" has no arrow linking 
it to a 7r'- world. Then we have \= (tpi A it A yj^) — > [a]^, and then |= T. 
Hence .-#' is a minimal model of T w.r.t. ~<j(- 

When contracting effect laws, S = S. Thus taking the right R and 
a minimal R^ such that Jg = (val(S),R) and R' = RU B%+ , for some 
R^ Q {(w,w') :\= <f and w' G RelTarget(w,ip — > \d$),Jt, M)}, we con- 
struct M' = ^U {.,#'} G AT r a] ^. 

Let now ^ be ^ for some c/2 G JmL Since Tis modular, by Lemmas B.2 
and B.3 there is M = {val(S),R) such that |= T. We know val(S) C 
val(S~). Because -■(/? — ► [a]_L G T', R' a (v) = for every -K^-world v added 
in M' ■ Hence, because is minimal, taking M. = {^#} gives us the result. 



Proof of Theorem 5.3 

From the hypothesis that Tis modular and Lemma B.l, it follows that 
T is modular, too. Then j$' = (val(S'), R) is a model of T', by Lemma B.3. 
From this and Lemma B.4 the result follows. ■ 
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